USN-237-1: nbd vulnerability

6 January 2006

nbd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10

Software Description

Details

Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
nbd-server

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References