Bug 1224074 (CVE-2013-7441) - CVE-2013-7441 nbd: NBD server terminates on SIGPIPE during negotiation
Summary: CVE-2013-7441 nbd: NBD server terminates on SIGPIPE during negotiation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-7441
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1224078
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-22 07:41 UTC by Martin Prpič
Modified: 2021-10-21 00:45 UTC (History)
4 users (show)

Fixed In Version: nbd 3.4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 00:45:27 UTC
Embargoed:


Attachments (Terms of Use)

Description Martin Prpič 2015-05-22 07:41:58 UTC
A denial of service flaw was found in nbd:

"The listener/root server process terminates on SIGPIPE during negotiation. This is hardly the desired behavior, since any malfunctioning client can brought the listener server down by closing the socket unexpectedly."

Additional information:

http://sourceforge.net/p/nbd/mailman/message/30410146/

Upstream patch:

https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4

Comment 1 Martin Prpič 2015-05-22 07:43:57 UTC
Created nbd tracking bugs for this issue:

Affects: epel-6 [bug 1224078]


Note You need to log in before you can comment on or make changes to this bug.