It was discovered that nbd-server, the server for the Network Block
Device protocol, did incorrect parsing of the access control lists,
allowing access to any hosts with an IP address sharing a prefix with
an allowed address.
For the oldstable distribution (squeeze), this problem has been fixed in
version 1:2.9.16-8+squeeze1.
For the stable distribution (wheezy), this problem has been fixed in
version 1:3.2-4~deb7u4.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nbd packages.
CPE | Name | Operator | Version |
---|---|---|---|
nbd | eq | 1:3.2-4~deb7u4~bpo60+1 | |
nbd | eq | 1:3.2-4~deb7u3 | |
nbd | eq | 1:3.2-3 | |
nbd | eq | 1:3.2-2 | |
nbd | eq | 1:3.2-4~deb7u1 | |
nbd | eq | 1:3.2-4~deb7u2 |