| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Jan 6 09:12:09 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-237-1] nbd vulnerability
===========================================================
Ubuntu Security Notice USN-237-1 January 06, 2006
nbd vulnerability
CVE-2005-3354
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
nbd-server
The problem can be corrected by upgrading the affected package to
version 1:2.7.4-1ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Kurt Fitzner discovered that the NBD (network block device) server did
not correctly verify the maximum size of request packets. By sending
specially crafted large request packets, a remote attacker who is
allowed to access the server could exploit this to execute arbitrary
code with root privileges.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4-1ubuntu0.1.diff.gz
Size/MD5: 33658 9681548b7c1a6382eae974202817d7b9
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4-1ubuntu0.1.dsc
Size/MD5: 588 29acf0d03aae92f01ad55faf0bc315e4
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4.orig.tar.gz
Size/MD5: 131430 841999f8d7ae0d6a903a6285ff68a49e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-client_2.7.4-1ubuntu0.1_amd64.deb
Size/MD5: 22292 dd1283e9e72c3e468a8395ac4e4ee5f9
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-server_2.7.4-1ubuntu0.1_amd64.deb
Size/MD5: 29780 3e33c37166bb012f07233bafbd8dcfc2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-client_2.7.4-1ubuntu0.1_i386.deb
Size/MD5: 22306 224ebd247235d85b13d127c4a14e1d8e
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-server_2.7.4-1ubuntu0.1_i386.deb
Size/MD5: 30020 ec25105a117d294f401f751fccf31737
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-client_2.7.4-1ubuntu0.1_powerpc.deb
Size/MD5: 22298 0efb5b981bbc2d62e67b8c8fef322e56
http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd-server_2.7.4-1ubuntu0.1_powerpc.deb
Size/MD5: 31996 a4ace5d1280fab68a6fc0c93bc4fccc0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060106/99ccd993/attachment.bin
Powered by blists - more mailing lists