USN-237-1: nbd vulnerability
Posted on: 01/06/2006 11:22 AM

A new nbd vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-237-1 January 06, 2006
nbd vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 1:2.7.4-1ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Kurt Fitzner discovered that the NBD (network block device) server did
not correctly verify the maximum size of request packets. By sending
specially crafted large request packets, a remote attacker who is
allowed to access the server could exploit this to execute arbitrary
code with root privileges.

Source archives:
Size/MD5: 33658 9681548b7c1a6382eae974202817d7b9
Size/MD5: 588 29acf0d03aae92f01ad55faf0bc315e4
Size/MD5: 131430 841999f8d7ae0d6a903a6285ff68a49e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 22292 dd1283e9e72c3e468a8395ac4e4ee5f9
Size/MD5: 29780 3e33c37166bb012f07233bafbd8dcfc2

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 22306 224ebd247235d85b13d127c4a14e1d8e
Size/MD5: 30020 ec25105a117d294f401f751fccf31737

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 22298 0efb5b981bbc2d62e67b8c8fef322e56
Size/MD5: 31996 a4ace5d1280fab68a6fc0c93bc4fccc0

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.2 (GNU/Linux)


Printed from Linux Compatible (