Bugzilla – Bug 694250
VUL-0: CVE-2011-1925: nbd: NULL-pointer dereference
Last modified: 2017-07-03 07:34:36 UTC
Hi. There is a security bug in package 'nbd'. This information is from 'oss-security'. This bug is public. There is no coordinated release date (CRD) set. Original posting: ---------- Weitergeleitete Nachricht ---------- Betreff: [oss-security] CVE request: nbd-server Datum: Dienstag, 17. Mai 2011, 10:38:20 Von: "Thijs Kinkhorst" <thijs@debian.org> An: oss-security@lists.openwall.com Hi, In Debian the following was reported: nbd-server 2.9.21 has a NULL-pointer dereference in its negotiation phase, which allows unauthenticated users to DoS the server by causing the negotiation to fail (e.g., by specifying a non-existing name for an export). Filed as http://bugs.debian.org/627042. This affects only 2.9.21 so for us goes that only our unstable distribution is affected. We'd like to have a CVE name for this. Cheers, Thijs -------------------------------------------------------------
Re: [oss-security] CVE request: nbd-server Von: Vincent Danen <vdanen@redhat.com> An: oss-security@lists.openwall.com Kopie: wouter@debian.org * [2011-05-17 10:38:20 +0200] Thijs Kinkhorst wrote: >Hi, > >In Debian the following was reported: >nbd-server 2.9.21 has a NULL-pointer dereference in its negotiation >phase, which allows unauthenticated users to DoS the server by causing >the negotiation to fail (e.g., by specifying a non-existing name for an >export). > >Filed as http://bugs.debian.org/627042. This affects only 2.9.21 so for us >goes that only our unstable distribution is affected. > >We'd like to have a CVE name for this. The Debian bug is really light on details, so here is the git commit that fixes this: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commitdiff;h=ebbbe0b3ce5393fa42a259f5e03d549508586aaa But I don't see any evidence that this only affects 2.9.21. Are we sure that it doesn't affect earlier versions? The reporter doesn't indicate one way or the other. CC'ing Wouter for clarification. -- Vincent Danen / Red Hat Security Response Team
Re: [oss-security] CVE request: nbd-server Von: Wouter Verhelst <w@uter.be> An: Vincent Danen <vdanen@redhat.com> Kopie: oss-security@lists.openwall.com On Tue, May 17, 2011 at 11:07:46AM -0600, Vincent Danen wrote: > * [2011-05-17 10:38:20 +0200] Thijs Kinkhorst wrote: > > >Hi, > > > >In Debian the following was reported: > >nbd-server 2.9.21 has a NULL-pointer dereference in its negotiation > >phase, which allows unauthenticated users to DoS the server by causing > >the negotiation to fail (e.g., by specifying a non-existing name for an > >export). > > > >Filed as http://bugs.debian.org/627042. This affects only 2.9.21 so for us > >goes that only our unstable distribution is affected. > > > >We'd like to have a CVE name for this. > > The Debian bug is really light on details, so here is the git commit > that fixes this: > > http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commitdiff;h=ebbbe0b3ce5393fa42a259f5e03d549508586aaa > > But I don't see any evidence that this only affects 2.9.21. Are we > sure that it doesn't affect earlier versions? The reporter doesn't > indicate one way or the other. Yes, absolutely; 2.9.21 and 2.9.21a (diff between .21 and .21a is a documentation-related file that wasn't added to Makefile.am). The bug was introduced with this commit: http://nbd.git.sourceforge.net/git/gitweb.cgi?p=nbd/nbd;a=commit;h=9ea4e742ce6f1b7793d1edfca70427a8660aeffa To be 100% sure, I just checked out the tree at the 2.9.20 tag and recompiled; I couldn't reproduce it. -- The volume of a pizza of thickness a and radius z can be described by the following formula: pi zz a
CVE-2011-1925
ignore: p5->p3 mass change
As it only affects 2.9.21 and not 2.9.20 which is our latest version, I close this one.