CVE-2013-7441

Published: 29 May 2015

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

Priority

Status

Package	Release	Status
nbd Launchpad, Ubuntu, Debian	upstream	Released (1:3.4-1)
	precise	Released (1:2.9.25-2ubuntu1.1)
	trusty	Not vulnerable (1:3.7-1)
	utopic	Not vulnerable
	vivid	Not vulnerable
	Patches: upstream: https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7441
http://www.openwall.com/lists/oss-security/2015/05/19/6
https://ubuntu.com/security/notices/USN-2676-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781547

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›