drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in nbd
Name: |
Pufferüberlauf in nbd |
|
ID: |
USN-237-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 5.10 |
|
Datum: |
Fr, 6. Januar 2006, 10:23 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3354 |
|
Applikationen: |
nbd |
|
Originalnachricht |
--===============1701985652== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-237-1 January 06, 2006 nbd vulnerability CVE-2005-3354 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
nbd-server
The problem can be corrected by upgrading the affected package to version 1:2.7.4-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Source archives:
nbd_2.7.4-1ubuntu0.1.diff.gz Size/MD5: 33658 9681548b7c1a6382eae974202817d7b9 http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4-1ubuntu0.1.dsc Size/MD5: 588 29acf0d03aae92f01ad55faf0bc315e4 http://security.ubuntu.com/ubuntu/pool/main/n/nbd/nbd_2.7.4.orig.tar.gz Size/MD5: 131430 841999f8d7ae0d6a903a6285ff68a49e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
nbd-client_2.7.4-1ubuntu0.1_amd64.deb Size/MD5: 22292 dd1283e9e72c3e468a8395ac4e4ee5f9 nbd-server_2.7.4-1ubuntu0.1_amd64.deb Size/MD5: 29780 3e33c37166bb012f07233bafbd8dcfc2
i386 architecture (x86 compatible Intel/AMD)
nbd-client_2.7.4-1ubuntu0.1_i386.deb Size/MD5: 22306 224ebd247235d85b13d127c4a14e1d8e nbd-server_2.7.4-1ubuntu0.1_i386.deb Size/MD5: 30020 ec25105a117d294f401f751fccf31737
powerpc architecture (Apple Macintosh G3/G4/G5)
nbd-client_2.7.4-1ubuntu0.1_powerpc.deb Size/MD5: 22298 0efb5b981bbc2d62e67b8c8fef322e56 nbd-server_2.7.4-1ubuntu0.1_powerpc.deb Size/MD5: 31996 a4ace5d1280fab68a6fc0c93bc4fccc0
--WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDvjRdDecnbV4Fd/IRAnkNAKDRmzB0zUg3E+V6Ba63zFyKlm22hQCfaKud VV90O0lN1DtxHEpdEPUjF7E= =Bcsb -----END PGP SIGNATURE-----
--WIyZ46R2i8wDzkSu--
--===============1701985652== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1701985652==--
|
|
|
|