Bug 931987 - (CVE-2013-7441) VUL-0: CVE-2013-7441: nbd: NBD server terminates on SIGPIPE during negotiation
(CVE-2013-7441)
VUL-0: CVE-2013-7441: nbd: NBD server terminates on SIGPIPE during negotiation
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
13.2
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Martin Pluskal
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-05-22 09:15 UTC by Alexander Bergmann
Modified: 2018-02-26 07:03 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2015-05-22 09:15:59 UTC
rh#1224074 / CVE-2013-7441
--------------------------------------------
A denial of service flaw was found in nbd:

"The listener/root server process terminates on SIGPIPE during negotiation. This is hardly the desired behavior, since any malfunctioning client can brought the listener server down by closing the socket unexpectedly."

Additional information:

http://sourceforge.net/p/nbd/mailman/message/30410146/

Upstream patch:

https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4
--------------------------------------------

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1224074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7441
http://seclists.org/oss-sec/2015/q2/516
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7441.html
Comment 1 Marcus Schaefer 2015-05-22 09:37:04 UTC
assigning to real maintainer, thanks much Martin
Comment 2 Martin Pluskal 2015-05-22 11:59:22 UTC
Created http://bugzilla.suse.com/show_bug.cgi?id=930173
Comment 3 Martin Pluskal 2015-05-22 12:00:03 UTC
I meant https://build.opensuse.org/request/show/308367
Comment 4 Martin Pluskal 2015-05-22 12:02:46 UTC
*** Bug 930173 has been marked as a duplicate of this bug. ***
Comment 5 Martin Pluskal 2015-05-22 12:21:43 UTC
Hopefully I will no become real maintainer - https://build.opensuse.org/request/show/308370
Comment 6 Bernhard Wiedemann 2015-05-22 13:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (931987) was mentioned in
https://build.opensuse.org/request/show/308377 13.2+13.1 / nbd
Comment 7 Swamp Workflow Management 2015-06-03 15:06:36 UTC
openSUSE-SU-2015:0994-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 930173,931987
CVE References: CVE-2013-7441,CVE-2015-0847
Sources used:
openSUSE 13.2 (src):    nbd-3.3-4.3.1
openSUSE 13.1 (src):    nbd-3.3-2.3.1