2. Theres no check for the src address and port of the replies to
forwarded calls to match the dst address and port of the original
call.
rpcbind does not check that RPC reply messages, received on the
socket used to forward CALLIT requests, have a valid source address,
Disclaimer:
The opinions expressed in this advisory and program are my own and not
of any company.
The usual standard disclaimer applies, especially the fact that Georgi
Guninski
is not liable for any damages caused by direct or indirect use of the
information or functionality provided by this