Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 29 Nov 2013 01:02:17 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: incorrect parsing of access control
 file in nbd-server

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2013 09:46 AM, Wouter Verhelst wrote:
> Hi,
> 
> nbd-server has the ability to deny connection requests to clients
> unless their IP addresses are listed in a tcpwrappers-style
> configuration file. Due to incorrect use of strncmp() in the parser
> for this file, however, it would allow clients to connect so long
> as their IP address in ASCII representation would start with
> something in the ACL file; e.g., 198.51.100.12 would be allowed if
> 198.51.100.1 was listed.
> 
> I'd like a CVE id for this.
> 
> Thanks,
> 

Please use CVE-2013-6410 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSmEoJAAoJEBYNRVNeJnmTmxQP/1TRAXPoxfwk7rL1DDAIejWP
Zxwqa/6heBDkGBccg1p1NBV810dnK0URhp6XoYwto8XPkhVcRQtxBDdJ5iTI8waW
j/aoAtIByOidWP6ZNm7NA1f0ltsrs036htehoT3IfbBJTrRjtGkW2GejGUBM60bs
hxVYtp2+WsPZfe3I15iouwB40gLe72e18vPU/apyW9M/T4yf2ptsdS5Q9nL1t/B4
KkYmv66QkY+ibQTV+xqPZ0nAW76ikO0TyxZqLEXQyhB3kt00Julz3vSfEVOVGYK/
8/RfarCOvkpDKdDqPfMdvDyfZoJ+Pz6J2BKTBO/aHsBkifcoSKqi7HpZBHZyTaMh
hOP01ucUha5lORYyWG+U/eKlXuY5ah/FA43U6vU+sSZqHXPTvlzVeDtg4f39wMXx
Af5b89czqb6z2poTKzAGp3sj1kgcGTCggAr2yEHjpgNLmB+vM0SrOgPUV/bb+X5X
NZtCoZiyoTp3eMg9HZYRCzGYA7UC+KzuZdBlMsuZ1p+NFKlCWNirjDS+94nszZPD
aBLN2r7IGTqkmJ3Spgg29AW8C6WCsbkzTMJ/irdWpAzIAwRzngi7HVGa/nMMnNfL
aUd3FLZVtVsrCvMa+3Nsc/ORKDK0Le152XwSGGyNDlt7HyiPvica0oprQLJDqevW
0QjTGtPChKTNLDejiOgr
=XH9a
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.