CVE-2011-1925
Published: 31 May 2011
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.
Notes
Author | Note |
---|---|
mdeslaur | seems to be introduced by: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commitdiff;h=9ea4e742ce6f1b7793d1edfca70427a8660aeffa only affects 2.9.21 |
Priority
Status
Package | Release | Status |
---|---|---|
nbd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(1:2.9.14-2ubuntu1)
|
|
maverick |
Not vulnerable
(1:2.9.14-2ubuntu1)
|
|
natty |
Not vulnerable
(1:2.9.16-7.1ubuntu2)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(1:2.9.25-2ubuntu1)
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Released
(1:2.9.22-1)
|
|
Patches: upstream: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commit;h=ebbbe0b3ce5393fa42a259f5e03d549508586aaa |