oss-sec mailing list archives
CVE Request: nbd denial of service
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Tue, 19 May 2015 12:16:08 +0200
Hello, the following vulnerability was reported in the Debian bug tracker for nbd:
There's a remotely exploitable denial of service flaw, similar/identical to CVE-2011-1925 in nbd-server. It has been documented publicly in 2013-01-28[1]. It has been fixed in upstream version 3.4 [2] and hence affects only the stable release (1:3.2-4~deb7u4).

[1]: http://sourceforge.net/p/nbd/mailman/message/30410146/
[2]: https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4

The flaw can be exploited easily by connecting to a server (listening at 10.0.0.1 in this example) and asking for a non-existing export:

    nbd-client 10.0.0.1 -N some-non-existing-export-name /dev/nbd1

The root (listener) nbd-server process will exit because of failed negotiation procedure, effectively denying the service from others.
See https://bugs.debian.org/781547

According to the upstream author (Wouter Verhelst):
versions <= 2.9.16 and >= 3.4 are definitely not vulnerable. Versions released immediately after CVE-2011-1925 are *probably* not vulnerable, but I'm not sure (and I don't want to go test all of them...). Versions released between 2.9.16 and 2.9.22 (which fixes CVE-2011-1925) are vulnerable in the sense that the bad design is still there, but I don't believe they would crash in that manner.
Can a CVE be assigned for this please?

Cheers
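The failure mode reported above is a listener that dies when one client's negotiation fails. As an added illustration (not nbd-server code and not part of the original message), the following sketch shows a general way to contain such a failure: negotiate in a forked child so that the exit ends only that connection. The export names and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed export table; these names are hypothetical. */
static const char *exports[] = { "disk0", "backup" };

/* Stand-in for negotiation: an unknown export name ends the calling
 * process, matching the failure mode described in the report. */
static void negotiate_or_exit(const char *name) {
    for (size_t i = 0; i < sizeof exports / sizeof *exports; i++)
        if (strcmp(exports[i], name) == 0)
            return;
    _exit(EXIT_FAILURE);
}

/* Fork first, negotiate in the child. Returns 0 if negotiation succeeded,
 * 1 if the child exited on failure, -1 on fork/wait error. The listener
 * (caller) keeps running in every case. A real server would reap children
 * asynchronously instead of blocking in waitpid(). */
int serve_isolated(const char *requested) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        negotiate_or_exit(requested);
        _exit(EXIT_SUCCESS);   /* the export would be served here */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

/* Listener loop over a sequence of client requests; returns how many
 * negotiated successfully. */
int listener_run(const char **requests, int n) {
    int ok = 0;
    for (int i = 0; i < n; i++)
        if (serve_isolated(requests[i]) == 0)
            ok++;
    return ok;
}

int main(void) {
    const char *reqs[] = { "disk0", "some-non-existing-export-name", "backup" };
    printf("successful negotiations: %d of 3\n", listener_run(reqs, 3));
    return 0;
}
```

The third request still succeeds after the failed one, which is the property the vulnerable listener lacked.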