[SECURITY] [DSA 2183-1] nbd security update

2011-03-0505:49:17

lists.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.262 Low

EPSS

Percentile

96.7%

JSON

Debian Security Advisory DSA-2183-1 [email protected]
http://www.debian.org/security/ Raphael Geissert
March 04, 2011 http://www.debian.org/security/faq

Package : nbd
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0530

It was discovered a regression of a buffer overflow (CVE-2005-3534) in nbd,
the Network Block Device server, that could allow arbitrary code execution
on the NBD server via a large request.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:2.9.11-3lenny1.

The stable distribution (squeeze), the testing distribution (wheezy),
and the unstable distribution (sid) are not affected. This problem was
fixed prior the release of squeeze in version 1:2.9.16-8.

We recommend that you upgrade your nbd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5amd64nbd-client< 1:2.9.11-3lenny1nbd-client_1:2.9.11-3lenny1_amd64.deb
Debian5hppanbd-client-udeb< 1:2.9.11-3lenny1nbd-client-udeb_1:2.9.11-3lenny1_hppa.deb
Debian5alphanbd-client-udeb< 1:2.9.11-3lenny1nbd-client-udeb_1:2.9.11-3lenny1_alpha.deb
Debian5armelnbd-server< 1:2.9.11-3lenny1nbd-server_1:2.9.11-3lenny1_armel.deb
Debian5alphanbd-client< 1:2.9.11-3lenny1nbd-client_1:2.9.11-3lenny1_alpha.deb
Debian5i386nbd-client< 1:2.9.11-3lenny1nbd-client_1:2.9.11-3lenny1_i386.deb
Debian5mipsnbd-server< 1:2.9.11-3lenny1nbd-server_1:2.9.11-3lenny1_mips.deb
Debian5i386nbd-server< 1:2.9.11-3lenny1nbd-server_1:2.9.11-3lenny1_i386.deb
Debian5allnbd< 1:2.9.11-3lenny1nbd_1:2.9.11-3lenny1_all.deb
Debian5ia64nbd-client< 1:2.9.11-3lenny1nbd-client_1:2.9.11-3lenny1_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	amd64	nbd-client	< 1:2.9.11-3lenny1	nbd-client_1:2.9.11-3lenny1_amd64.deb
Debian	5	hppa	nbd-client-udeb	< 1:2.9.11-3lenny1	nbd-client-udeb_1:2.9.11-3lenny1_hppa.deb
Debian	5	alpha	nbd-client-udeb	< 1:2.9.11-3lenny1	nbd-client-udeb_1:2.9.11-3lenny1_alpha.deb
Debian	5	armel	nbd-server	< 1:2.9.11-3lenny1	nbd-server_1:2.9.11-3lenny1_armel.deb
Debian	5	alpha	nbd-client	< 1:2.9.11-3lenny1	nbd-client_1:2.9.11-3lenny1_alpha.deb
Debian	5	i386	nbd-client	< 1:2.9.11-3lenny1	nbd-client_1:2.9.11-3lenny1_i386.deb
Debian	5	mips	nbd-server	< 1:2.9.11-3lenny1	nbd-server_1:2.9.11-3lenny1_mips.deb
Debian	5	i386	nbd-server	< 1:2.9.11-3lenny1	nbd-server_1:2.9.11-3lenny1_i386.deb
Debian	5	all	nbd	< 1:2.9.11-3lenny1	nbd_1:2.9.11-3lenny1_all.deb
Debian	5	ia64	nbd-client	< 1:2.9.11-3lenny1	nbd-client_1:2.9.11-3lenny1_ia64.deb