Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 21 May 2015 10:47:40 -0400 (EDT)
From: cve-assign@...re.org
To: alessandro@...dini.me
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: nbd denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://sourceforge.net/p/nbd/mailman/message/30410146/
> https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4

As far as we can tell, the CVE request is primarily about the
vulnerability that affects versions 2.9.22 through 3.3. Use
CVE-2013-7441.

>> Versions released between 2.9.16 and 2.9.22 ... are vulnerable in the
>> sense that the bad design is still there, but I don't believe they
>> would crash in that manner.

If someone is interested in a CVE ID for those older versions
(released in 2010 and 2011), and the behavior is different (e.g., if
the unexpected client behavior doesn't immediately lead to a crash and
instead can cause memory corruption), please let us know.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVXe+IAAoJEKllVAevmvmsuzwIAL5k8kTryqGjXT/7W5VY6O/N
Ybjzpqb9JrKk5t6SyedrtilpEwx6Wj87Pk36Wfw336fPDnzHFh8SvipW3oT/Dzil
I9llHybnTum0zGz2POnqzm1bL2Qr0QB0ly6gL56MCeErsfhngQahv6PGFuZC3wNH
p9MaHFwVVZAGDwzrbA2JAyw6C7T4xm6TyfY9/2tF3jhXvbTM+5yO9znK5p9BChco
ski7lbZW9tw3HK0CChrT0xQv6m6JTPR6s+faOiREE8+CkdqDpr/GTTIY5KGx6eFr
RiyinKasLHxIfsMZYQJIBotOLAFo9XdxO7cQIGNfL4npc8NBPcU8uhJUsH4scTQ=
=T6E3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ