oss-sec mailing list archives
Re: CVE request: nbd-server
From: Wouter Verhelst <w () uter be>
Date: Tue, 17 May 2011 20:40:01 +0200
On Tue, May 17, 2011 at 11:07:46AM -0600, Vincent Danen wrote:
* [2011-05-17 10:38:20 +0200] Thijs Kinkhorst wrote:Hi, In Debian the following was reported: nbd-server 2.9.21 has a NULL-pointer dereference in its negotiation phase, which allows unauthenticated users to DoS the server by causing the negotiation to fail (e.g., by specifying a non-existing name for an export). Filed as http://bugs.debian.org/627042. This affects only 2.9.21 so for us goes that only our unstable distribution is affected. We'd like to have a CVE name for this.The Debian bug is really light on details, so here is the git commit that fixes this: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commitdiff;h=ebbbe0b3ce5393fa42a259f5e03d549508586aaa But I don't see any evidence that this _only_ affects 2.9.21. Are we sure that it doesn't affect earlier versions? The reporter doesn't indicate one way or the other.
Yes, absolutely; 2.9.21 and 2.9.21a (diff between .21 and .21a is a documentation-related file that wasn't added to Makefile.am). The bug was introduced with this commit: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commit;h=9ea4e742ce6f1b7793d1edfca70427a8660aeffa To be 100% sure, I just checked out the tree at the 2.9.20 tag and recompiled; I couldn't reproduce it. -- The volume of a pizza of thickness a and radius z can be described by the following formula: pi zz a
Current thread:
- CVE request: nbd-server Thijs Kinkhorst (May 17)
- Re: CVE request: nbd-server Vincent Danen (May 17)
- Re: CVE request: nbd-server Wouter Verhelst (May 17)
- Re: CVE request: nbd-server Vincent Danen (May 17)
- Re: CVE request: nbd-server Wouter Verhelst (May 17)
- Re: CVE request: nbd-server Josh Bressers (May 17)
- Re: CVE request: nbd-server Vincent Danen (May 17)