Debian Security Advisory

DSA-2183-1 nbd -- buffer overflow

Date Reported:
04 Mar 2011
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2011-0530.
More information:

It was discovered a regression of a buffer overflow (CVE-2005-3534) in NBD, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request.

For the oldstable distribution (lenny), this problem has been fixed in version 1:2.9.11-3lenny1.

The stable distribution (squeeze), the testing distribution (wheezy), and the unstable distribution (sid) are not affected. This problem was fixed prior the release of squeeze in version 1:2.9.16-8.

We recommend that you upgrade your nbd packages.