nbd-server has the ability to deny connection requests to clients unless their IP addresses are listed in a tcpwrappers-style configuration file. Due to incorrect use of strncmp() in the parser for this file, however, it would allow clients to connect so long as their IP address in ASCII representation would start with something in the ACL file; e.g., 198.51.100.12 would be allowed if 198.51.100.1 was listed. References: http://seclists.org/oss-sec/2013/q4/366
Created nbd tracking bugs for this issue: Affects: fedora-all [bug 1035999] Affects: epel-6 [bug 1036000]
I can't find any reference of fix/bug report. The version in the fedora is the latest. Can you shed some lights to me?
nbd-3.5-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
nbd-3.5-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
nbd-3.5-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.