SB2011022204 - Buffer overflow in nbd.sourceforge.net nbd
Published: February 22, 2011 Updated: August 11, 2020
Security Bulletin ID
SB2011022204
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2011-0530)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.
Remediation
Install update from vendor's website.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://openwall.com/lists/oss-security/2011/01/28/3
- http://openwall.com/lists/oss-security/2011/01/31/7
- http://secunia.com/advisories/43353
- http://secunia.com/advisories/43610
- http://security.gentoo.org/glsa/glsa-201206-35.xml
- http://www.debian.org/security/2011/dsa-2183
- http://www.securityfocus.com/bid/46572
- http://www.vupen.com/english/advisories/2011/0403
- http://www.vupen.com/english/advisories/2011/0582
- https://bugzilla.redhat.com/show_bug.cgi?id=673562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65720
- https://github.com/yoe/nbd/commit/3ef52043861ab16352d49af89e048ba6339d6df8
- https://hermes.opensuse.org/messages/8086846