Gentoo Logo

NBD Tools: Buffer overflow in NBD server

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200512-14 / NBD
Release Date December 23, 2005
Latest Revision December 23, 2005: 01
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
sys-block/nbd < 2.8.2-r1 >= 2.8.2-r1 All supported architectures

Related bugreports: #116314

Synopsis

The NBD server is vulnerable to a buffer overflow that may result in the execution of arbitrary code.

2.  Impact Information

Background

The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server.

Description

Kurt Fitzner discovered that the NBD server allocates a request buffer that fails to take into account the size of the reply header.

Impact

A remote attacker could send a malicious request that can result in the execution of arbitrary code with the rights of the NBD server.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All NBD Tools users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/nbd-2.8.2-r1"

4.  References

Print

Updated December 23, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Support OSL

Support OSL

Gentoo Centric Hosting: vr.org

VR Hosted

Tek Alchemy

Tek Alchemy

SevenL.net

SevenL.net

Global Netoptex Inc.

Global Netoptex Inc.

Linux World Expo

Linux World Expo
Copyright 2001-2008 Gentoo Foundation, Inc. Questions, Comments? Contact us.