Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: incorrect parsing of access control file in nbd-server
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 29 Nov 2013 01:02:17 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/28/2013 09:46 AM, Wouter Verhelst wrote:
Hi,

nbd-server has the ability to deny connection requests to clients
unless their IP addresses are listed in a tcpwrappers-style
configuration file. Due to incorrect use of strncmp() in the parser
for this file, however, it would allow clients to connect so long
as their IP address in ASCII representation would start with
something in the ACL file; e.g., 198.51.100.12 would be allowed if
198.51.100.1 was listed.

I'd like a CVE id for this.

Thanks,


Please use CVE-2013-6410 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSmEoJAAoJEBYNRVNeJnmTmxQP/1TRAXPoxfwk7rL1DDAIejWP
Zxwqa/6heBDkGBccg1p1NBV810dnK0URhp6XoYwto8XPkhVcRQtxBDdJ5iTI8waW
j/aoAtIByOidWP6ZNm7NA1f0ltsrs036htehoT3IfbBJTrRjtGkW2GejGUBM60bs
hxVYtp2+WsPZfe3I15iouwB40gLe72e18vPU/apyW9M/T4yf2ptsdS5Q9nL1t/B4
KkYmv66QkY+ibQTV+xqPZ0nAW76ikO0TyxZqLEXQyhB3kt00Julz3vSfEVOVGYK/
8/RfarCOvkpDKdDqPfMdvDyfZoJ+Pz6J2BKTBO/aHsBkifcoSKqi7HpZBHZyTaMh
hOP01ucUha5lORYyWG+U/eKlXuY5ah/FA43U6vU+sSZqHXPTvlzVeDtg4f39wMXx
Af5b89czqb6z2poTKzAGp3sj1kgcGTCggAr2yEHjpgNLmB+vM0SrOgPUV/bb+X5X
NZtCoZiyoTp3eMg9HZYRCzGYA7UC+KzuZdBlMsuZ1p+NFKlCWNirjDS+94nszZPD
aBLN2r7IGTqkmJ3Spgg29AW8C6WCsbkzTMJ/irdWpAzIAwRzngi7HVGa/nMMnNfL
aUd3FLZVtVsrCvMa+3Nsc/ORKDK0Le152XwSGGyNDlt7HyiPvica0oprQLJDqevW
0QjTGtPChKTNLDejiOgr
=XH9a
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault