oss-sec mailing list archives
Re: CVE request: nbd-server
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 17 May 2011 13:32:56 -0600
* [2011-05-17 20:40:01 +0200] Wouter Verhelst wrote:
On Tue, May 17, 2011 at 11:07:46AM -0600, Vincent Danen wrote:* [2011-05-17 10:38:20 +0200] Thijs Kinkhorst wrote: >Hi, > >In Debian the following was reported: >nbd-server 2.9.21 has a NULL-pointer dereference in its negotiation >phase, which allows unauthenticated users to DoS the server by causing >the negotiation to fail (e.g., by specifying a non-existing name for an >export). > >Filed as http://bugs.debian.org/627042. This affects only 2.9.21 so for us >goes that only our unstable distribution is affected. > >We'd like to have a CVE name for this. The Debian bug is really light on details, so here is the git commit that fixes this: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commitdiff;h=ebbbe0b3ce5393fa42a259f5e03d549508586aaa But I don't see any evidence that this _only_ affects 2.9.21. Are we sure that it doesn't affect earlier versions? The reporter doesn't indicate one way or the other.Yes, absolutely; 2.9.21 and 2.9.21a (diff between .21 and .21a is a documentation-related file that wasn't added to Makefile.am). The bug was introduced with this commit: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commit;h=9ea4e742ce6f1b7793d1edfca70427a8660aeffa To be 100% sure, I just checked out the tree at the 2.9.20 tag and recompiled; I couldn't reproduce it.
Fantastic. Thank you for the check and the additional commit link. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: nbd-server Thijs Kinkhorst (May 17)
- Re: CVE request: nbd-server Vincent Danen (May 17)
- Re: CVE request: nbd-server Wouter Verhelst (May 17)
- Re: CVE request: nbd-server Vincent Danen (May 17)
- Re: CVE request: nbd-server Wouter Verhelst (May 17)
- Re: CVE request: nbd-server Josh Bressers (May 17)
- Re: CVE request: nbd-server Vincent Danen (May 17)