Bug#781547: marked as done (nbd: CVE-2013-7441: server dies if client asks for a non-existing export)

[Debian Bug Tracking System]

Your message dated Sun, 24 May 2015 13:32:40 +0000
with message-id <e1yww1a-0002ry...@franck.debian.org>
and subject line Bug#781547: fixed in nbd 1:3.2-4~deb7u5
has caused the Debian Bug report #781547,
regarding nbd: CVE-2013-7441: server dies if client asks for a non-existing 
export
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
781547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: nbd-server
Version: 1:3.2-4~deb7u4
Severity: important
Tags: security

Dear Maintainer,

There's a remotely exploitable denial of service flaw, similar/identical
to CVE-2011-1925 in nbd-server. It has been documented publicly in
2013-01-28[1]. It has been fixed in upstream version 3.4 [2] and hence
affects only the stable release (1:3.2-4~deb7u4).

[1]: http://sourceforge.net/p/nbd/mailman/message/30410146/
[2]: https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4

The flaw can be exploited easily by connecting to a server (listening at
10.0.0.1 in this example) and asking for a non-existing export:

  nbd-client 10.0.0.1 -N some-non-existing-export-name /dev/nbd1

The root (listener) nbd-server process will exit because of failed
negotiation procedure, effectively denying the service from others.

I'm the author of the commit which fixed the issue in upstream release
3.4 and I'm willing to help to get it fixed/backported also to stable. I
have drafted and tested a backported patch on top of nbd 1:3.2-4~deb7u4
[3]. It is basically identical to
741495cb08503fd32a9d22648e63b64390c601f4, I just had to use msg2(),
msg3() and msg4() instead of msg() and a single modernsock instead of a
socket array.

[3]: 
https://github.com/tuomasjjrasanen/nbd/commit/6e7cc14f21f9e899412d307c331acb2cad85fc56

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nbd-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  libc6                  2.13-38+deb7u8
ii  libglib2.0-0           2.33.12+really2.32.4-5
ii  ucf                    3.0025+nmu3

nbd-server recommends no packages.

nbd-server suggests no packages.

-- debconf information:
  nbd-server/convert: true
  nbd-server/useports: false
  nbd-server/autogen:
  nbd-server/name:
  nbd-server/filename:
  nbd-server/number: 0
  nbd-server/port:

--- End Message ---

--- Begin Message ---

Source: nbd
Source-Version: 1:3.2-4~deb7u5

We believe that the bug you reported is fixed in the latest version of
nbd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wouter Verhelst <wou...@debian.org> (supplier of updated nbd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 15 May 2015 13:03:42 +0200
Source: nbd
Binary: nbd-server nbd-client nbd-client-udeb
Architecture: source amd64
Version: 1:3.2-4~deb7u5
Distribution: oldstable-security
Urgency: medium
Maintainer: Wouter Verhelst <wou...@debian.org>
Changed-By: Wouter Verhelst <wou...@debian.org>
Description: 
 nbd-client - Network Block Device protocol - client
 nbd-client-udeb - Network Block Device protocol - client for Debian Installer 
(udeb)
 nbd-server - Network Block Device protocol - server
Closes: 781547 784657
Changes: 
 nbd (1:3.2-4~deb7u5) oldstable-security; urgency=medium
 .
   * Backport fix for CVE-2015-0847 to fix handling of SIGTERM and SIGCHLD.
     Closes: #784657.
   * Merge patch by Tuomas Räsänen to do all negotiation in the child
     process. Closes: #781547, CVE-2013-7441.
Checksums-Sha1: 
 0897e07a2b04cfaf70a2da4fe758f61d26c18e7c 1906 nbd_3.2-4~deb7u5.dsc
 5cdd331603b4b296b32cc2607cfc0e4945bb627e 115363 nbd_3.2-4~deb7u5.diff.gz
 5b5b09227bb8fca08fc09f8469d971025af36cd9 75060 
nbd-server_3.2-4~deb7u5_amd64.deb
 a65d8f00a8f4e2b42fed73106c93561dbe92a984 63900 
nbd-client_3.2-4~deb7u5_amd64.deb
 1cfcd2b27d549b6da75ca033899fc882ba37d4cf 8104 
nbd-client-udeb_3.2-4~deb7u5_amd64.udeb
Checksums-Sha256: 
 6acde77baa273acb9c940968fcda3146344ba639449770217c6aea3e061afe9f 1906 
nbd_3.2-4~deb7u5.dsc
 ea441327a7cc6d8b96a144e88d3e7c784cef76614b301f86d2d7689b440bf159 115363 
nbd_3.2-4~deb7u5.diff.gz
 8930a7956977ddf8cfbf100810c057b76244afa987db8afdda9465c32f0183d6 75060 
nbd-server_3.2-4~deb7u5_amd64.deb
 e130df34097cb3ef9669291e1426658dc68195786bb8877a59aef23472455779 63900 
nbd-client_3.2-4~deb7u5_amd64.deb
 a0a91fd8da84ccaa83b10ec5817c5de80fdd5da4ffe7ed8bcbb8aab371367b4f 8104 
nbd-client-udeb_3.2-4~deb7u5_amd64.udeb
Files: 
 4f44babb856a5cf29837d4945e3b7e11 1906 admin optional nbd_3.2-4~deb7u5.dsc
 e3adbaec367f828873e92f8fde5ad087 115363 admin optional nbd_3.2-4~deb7u5.diff.gz
 d836a28cd8b3736473121e6aa226d2f4 75060 admin optional 
nbd-server_3.2-4~deb7u5_amd64.deb
 25f74db4c921bef8e80ea0f9f2d615d6 63900 admin optional 
nbd-client_3.2-4~deb7u5_amd64.deb
 dd4fd331b8202a7b1cf2a07d054e9000 8104 debian-installer optional 
nbd-client-udeb_3.2-4~deb7u5_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVXuY2AAoJEMKUD5Ub3wqd7H4P+wVU+0ZGhEjfxJnMZ+ZM5Lyr
z3I/PnxF6+j0OB4PQwEzh81opmpqh5s9nbb119QQ/V9hnCUec4+dkID8Q4uSzB+5
NTQ967E2yk03BlXEqoTLJc3uWntDl6vxvxwyNi9+qLYPidS6Yn1Gd86fvgICd0vR
nVBnCAqSl8ixNvMaFNleqCmMk/lJHM3uwF6lkWSvRnANOkpqOUShdlNbDMp4qEI5
BKdNTgYY4BfPQz1sSNUDeTnguOz8KobhsDdaSVGtza7bgmE0mVbUZag9+VGGuk21
VgcsZXqkWGflaGn4CSWSTMwmpTE5qnykUOmVKilRvatNDBYDRdurrJstBN9chTUu
36f5yYcluUlUkaIgIBBxZECF3me99FidUhiz5R4yCr4ary1L9R+pq6RTKDSe+Bm4
AgVQWV9XoJBpThmP2cYhfIg8aVufqawTD4xFutYR3hX91OVhwE4GRcQqc+SzIVue
4pQQx63yxoP5DJBoX/eXAeYDxu7nMK3l/1ymsTIS6bBzU2fjPIuPJ8ia3IiDvY+t
BXgq4s4ief9pjJPmKeHTGtPBcdcerqjCW5VtdftrJ8w7gM4gVUuKQitpNnqTg5LO
9GAlFFM8RQF09goUS4Wmw2LQtxkwq7i3y9mSIny9h7UFI4X7yh1jjR9eaVmR0VKL
9SIWdsPLz7hZ56bKTTSq
=tsd6
-----END PGP SIGNATURE-----

--- End Message ---