CVE-2011-1925
Published: 31 May 2011
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.
Notes
| Author | Note |
|---|---|
| mdeslaur | seems to be introduced by: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commitdiff;h=9ea4e742ce6f1b7793d1edfca70427a8660aeffa only affects 2.9.21 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nbd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
(1:2.9.14-2ubuntu1)
|
|
| maverick |
Not vulnerable
(1:2.9.14-2ubuntu1)
|
|
| natty |
Not vulnerable
(1:2.9.16-7.1ubuntu2)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(1:2.9.25-2ubuntu1)
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| saucy |
Not vulnerable
|
|
| upstream |
Released
(1:2.9.22-1)
|
|
|
Patches: upstream: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commit;h=ebbbe0b3ce5393fa42a259f5e03d549508586aaa |
||