lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 Jan 2006 10:11:57 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-237-1] nbd vulnerability

===========================================================
Ubuntu Security Notice USN-237-1	   January 06, 2006
nbd vulnerability
CVE-2005-3354
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

nbd-server

The problem can be corrected by upgrading the affected package to
version 1:2.7.4-1ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Kurt Fitzner discovered that the NBD (network block device) server did
not correctly verify the maximum size of request packets. By sending
specially crafted large request packets, a remote attacker who is
allowed to access the server could exploit this to execute arbitrary
code with root privileges.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4-1ubuntu0.1.diff.gz
      Size/MD5:    33658 9681548b7c1a6382eae974202817d7b9
    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4-1ubuntu0.1.dsc
      Size/MD5:      588 29acf0d03aae92f01ad55faf0bc315e4
    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4.orig.tar.gz
      Size/MD5:   131430 841999f8d7ae0d6a903a6285ff68a49e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-client_2.7.4-1ubuntu0.1_amd64.deb
      Size/MD5:    22292 dd1283e9e72c3e468a8395ac4e4ee5f9
    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-server_2.7.4-1ubuntu0.1_amd64.deb
      Size/MD5:    29780 3e33c37166bb012f07233bafbd8dcfc2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-client_2.7.4-1ubuntu0.1_i386.deb
      Size/MD5:    22306 224ebd247235d85b13d127c4a14e1d8e
    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-server_2.7.4-1ubuntu0.1_i386.deb
      Size/MD5:    30020 ec25105a117d294f401f751fccf31737

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-client_2.7.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    22298 0efb5b981bbc2d62e67b8c8fef322e56
    http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-server_2.7.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    31996 a4ace5d1280fab68a6fc0c93bc4fccc0

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists