Debian Security Advisory
DSA-2183-1 nbd -- buffer overflow
- Date Reported:
- 04 Mar 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-0530.
- More information:
It was discovered a regression of a buffer overflow (CVE-2005-3534) in NBD, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request.
For the oldstable distribution (lenny), this problem has been fixed in version 1:2.9.11-3lenny1.
The stable distribution (squeeze), the testing distribution (wheezy), and the unstable distribution (sid) are not affected. This problem was fixed prior the release of squeeze in version 1:2.9.16-8.
We recommend that you upgrade your nbd packages.