Security Information / 2011 / Security Information -- DSA-2183-1 nbd

Debian Security Advisory

DSA-2183-1 nbd -- buffer overflow

Date Reported:

04 Mar 2011

Affected Packages:

nbd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-0530.

More information:

It was discovered a regression of a buffer overflow (CVE-2005-3534) in NBD, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request.

For the oldstable distribution (lenny), this problem has been fixed in version 1:2.9.11-3lenny1.

The stable distribution (squeeze), the testing distribution (wheezy), and the unstable distribution (sid) are not affected. This problem was fixed prior the release of squeeze in version 1:2.9.16-8.

We recommend that you upgrade your nbd packages.