| Bug ID | 931987 |
|---|---|
| Summary | VUL-0: CVE-2013-7441: nbd: NBD server terminates on SIGPIPE during negotiation |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | 13.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | ms@suse.com |
| Reporter | abergmann@suse.com |
| QA Contact | qa-bugs@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
rh#1224074 / CVE-2013-7441 -------------------------------------------- A denial of service flaw was found in nbd: "The listener/root server process terminates on SIGPIPE during negotiation. This is hardly the desired behavior, since any malfunctioning client can brought the listener server down by closing the socket unexpectedly." Additional information: http://sourceforge.net/p/nbd/mailman/message/30410146/ Upstream patch: https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4 -------------------------------------------- References: https://bugzilla.redhat.com/show_bug.cgi?id=1224074 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7441 http://seclists.org/oss-sec/2015/q2/516 http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7441.html