Debian Security Advisory DSA 2183-1 (nbd) Network Vulnerability

Summary

The remote host is missing an update to nbd announced via advisory DSA 2183-1.

Solution

For the oldstable distribution (lenny), this problem has been fixed in version 1:2.9.11-3lenny1. The stable distribution (squeeze), the testing distribution (wheezy), and the unstable distribution (sid) are not affected. This problem was fixed prior the release of squeeze in version 1:2.9.16-8. We recommend that you upgrade your nbd packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202183-1

Insight

It was discovered a regression of a buffer overflow (CVE-2005-3534) in nbd, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request.

Severity

Classification

CVE CVE-2005-3534, CVE-2011-0530

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1037-1 (zgv)
Debian Security Advisory DSA 102-2 (at)
Debian Security Advisory DSA 060-1 (fetchmail)
Debian Security Advisory DSA 031-1 (sudo)
Debian Security Advisory DSA 059-1 (man-db)

Take action and discover your vulnerabilities