GLSA Advocate
Posted: Fri Dec 23, 2005 7:26 pm Post subject: [ GLSA 200512-14 ] NBD Tools: Buffer overflow in NBD server
Gentoo Linux Security Advisory
Title: NBD Tools: Buffer overflow in NBD server (GLSA 200512-14)
Severity: high
Exploitable: remote
Date: December 23, 2005
Bug(s): #116314
ID: 200512-14
Synopsis
The NBD server is vulnerable to a buffer overflow that may result in the execution of arbitrary code.
Background
The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server.
Affected Packages
Package: sys-block/nbd
Vulnerable: < 2.8.2-r1
Unaffected: >= 2.8.2-r1
Architectures: All supported architectures
Description
Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the reply header.
Impact
A remote attacker could send a malicious request that can result in the execution of arbitrary code with the rights of the NBD server.
Workaround
There is no known workaround at this time.
Resolution
All NBD Tools users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/nbd-2.8.2-r1"
References
CVE-2005-3534
Last edited by GLSA on Sun May 07, 2006 4:59 pm; edited 1 time in total
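As an added illustration of the sizing error in the Description (not code from NBD Tools or from the advisory): a C sketch in which a reply buffer sized for the payload alone is caught by a bounds check, while one sized for header plus payload holds a maximum-length read. The function names and the 4096-byte payload limit are assumptions; the 16-byte header follows the simple NBD reply layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define REPLY_MAGIC   0x67446698u /* NBD reply magic */
#define REPLY_HDR_LEN 16u         /* magic(4) + error(4) + handle(8) */

/* Flawed sizing: room for the largest payload only. */
size_t buf_size_flawed(size_t max_payload) { return max_payload; }

/* Correct sizing: header and payload share the same buffer. */
size_t buf_size_fixed(size_t max_payload) { return REPLY_HDR_LEN + max_payload; }

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Assemble header + payload in buf. Returns bytes written, or -1 when
 * the reply would not fit, so an undersized buffer is never overrun. */
long build_read_reply(uint8_t *buf, size_t cap, const uint8_t handle[8],
                      const uint8_t *data, uint32_t len) {
    if (cap < REPLY_HDR_LEN || len > cap - REPLY_HDR_LEN)
        return -1;
    put_be32(buf, REPLY_MAGIC);
    put_be32(buf + 4, 0);               /* error = 0 */
    memcpy(buf + 8, handle, 8);
    memcpy(buf + REPLY_HDR_LEN, data, len);
    return (long)(REPLY_HDR_LEN + len);
}

/* Constructed demo: a maximum-length read against both sizings. */
long demo(int fixed) {
    enum { MAX_PAYLOAD = 4096 };        /* assumed limit for the sketch */
    static const uint8_t handle[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    static uint8_t data[MAX_PAYLOAD];   /* zero-filled sample payload */
    size_t cap = fixed ? buf_size_fixed(MAX_PAYLOAD)
                       : buf_size_flawed(MAX_PAYLOAD);
    uint8_t *buf = malloc(cap);
    if (!buf) return -2;
    long n = build_read_reply(buf, cap, handle, data, MAX_PAYLOAD);
    free(buf);
    return n;
}
```

`demo(0)` returns -1 because the payload-only buffer cannot hold the header as well; `demo(1)` returns the full reply length.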