The first known instance of this issue was reported on June 1st, 2017, and patches were published on June 10th, 2017. libnbd was updated on all supported Linux distributions on versions 2.6 and later.
Another issue was found in `libnbd` where it was possible to trigger a Denial of Service (DoS) attack. A remote attacker could cause a libnbd server to crash by sending a large amount of data using the `nbd-send` command.
The issue was discovered by Tavis Ormandy of Google Project Zero. The issue was addressed by limiting the size of the data that can be sent to a libnbd server.
A race condition was found in libnbd. An attacker could use this flaw to execute arbitrary code with the privileges of the user running the application that is using the libnbd library.
An issue was discovered in the libnbd library. When receiving data, the library would sometimes incorrectly handle the length of the data, causing it to corrupt memory. This could lead to a remote denial-of-service attack.
There is also a race condition in `libnbd`. An attacker could use this flaw to gain root privileges on the system.
Installation of libnbd
The libnbd library is not installed by default on most systems. To install the library, do the following:
- Download and extract the archive given in this URL to a temporary directory
- Make sure you have internet access on your system
- Execute the following command:
tar xvfz libnbd-2.3.tar.gz
- Change the permissions of each file in that directory so they are executable by root.
chmod u+x */*
- Run ./configure
- Run make
- Run make test (only needed if running OS X)
- Run make install
Dependencies and prerequisites
- The attacker must have the ability to execute code on the system, typically by exploiting a vulnerability or leveraging an existing user account with administrative access.
- libnbd must be configured to listen to inbound connections from localhost.
Timeline
Published on: 08/29/2022 15:15:00 UTC
Last modified on: 09/01/2022 20:29:00 UTC
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2050324
- https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
- https://access.redhat.com/security/cve/CVE-2022-0485
- https://bugzilla.redhat.com/show_bug.cgi?id=2046194
- https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0485