Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[USN-238-1] Blender vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Fri, 6 Jan 2006 10:13:41 +0100

Ubuntu Security Notice USN-238-1           January 06, 2006
blender vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Kurt Fitzner discovered that the NBD (network block device) server did
not correctly verify the maximum size of request packets. By sending
specially crafted large request packets, a remote attacker who is
allowed to access the server could exploit this to execute arbitrary
code with root privileges.

  Source archives:

      Size/MD5:    11607 282c2bc853abdd9fcadeb94fd42d293f
      Size/MD5:      759 f6d6c5fe8bba50202cb60db85a1f3240
      Size/MD5:  7885589 2af6afdb01c1d297c43602982d9a919c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

      Size/MD5:  4791610 926553266642bd9f625e1b27dccd23ff

  i386 architecture (x86 compatible Intel/AMD)

      Size/MD5:  4113452 ee9f2a301ed054d9c56dd2412757465b

  powerpc architecture (Apple Macintosh G3/G4/G5)

      Size/MD5:  4641056 8b75ee14b6ce089d7172c88343a1b821

Attachment: signature.asc
Description: Digital signature

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]