Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wouter_verhelst | nbd | 2.8.2 |
| wouter_verhelst | nbd | 2.8.0 |
| wouter_verhelst | nbd | * |
Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wouter_verhelst | nbd | 2.9.17 |
| wouter_verhelst | nbd | 2.9.9 |
| wouter_verhelst | nbd | 2.9.11 |
| wouter_verhelst | nbd | 2.9.0 |
| wouter_verhelst | nbd | 2.9.12 |
| wouter_verhelst | nbd | 2.9.3 |
| wouter_verhelst | nbd | 2.9.16 |
| wouter_verhelst | nbd | * |
| wouter_verhelst | nbd | 2.9.13 |
| wouter_verhelst | nbd | 2.9.18 |
| wouter_verhelst | nbd | 2.9.1 |
| wouter_verhelst | nbd | 2.9.2 |
| wouter_verhelst | nbd | 2.9.5 |
| wouter_verhelst | nbd | 2.9.7 |
| wouter_verhelst | nbd | 2.9.4 |
| wouter_verhelst | nbd | 2.9.6 |
| wouter_verhelst | nbd | 2.9.14 |
| wouter_verhelst | nbd | 2.9.15 |
| wouter_verhelst | nbd | 2.9.10 |
| wouter_verhelst | nbd | 2.9.8 |
nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wouter_verhelst | nbd | * |
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| wouter_verhelst | nbd | 2.8.7 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 14.10 |
| wouter_verhelst | nbd | 2.7.5 |
| wouter_verhelst | nbd | 2.9.9 |
| wouter_verhelst | nbd | 2.9.0 |
| wouter_verhelst | nbd | 2.9.3 |
| wouter_verhelst | nbd | 2.8.4 |
| wouter_verhelst | nbd | 2.9.13 |
| wouter_verhelst | nbd | 2.9.18 |
| wouter_verhelst | nbd | 2.9.7 |
| wouter_verhelst | nbd | 2.9.23 |
| wouter_verhelst | nbd | 2.9.4 |
| wouter_verhelst | nbd | 2.9.6 |
| wouter_verhelst | nbd | 2.9.22 |
| canonical | ubuntu_linux | 12.04 |
| wouter_verhelst | nbd | 2.9.14 |
| wouter_verhelst | nbd | 2.9.10 |
| wouter_verhelst | nbd | 2.9.8 |
| canonical | ubuntu_linux | 15.04 |
| wouter_verhelst | nbd | 2.9.24 |
| wouter_verhelst | nbd | 2.8.5 |
| wouter_verhelst | nbd | 2.9.17 |
| wouter_verhelst | nbd | 2.9.11 |
| wouter_verhelst | nbd | 2.9.19 |
| wouter_verhelst | nbd | 2.9.12 |
| wouter_verhelst | nbd | 2.9.16 |
| debian | debian_linux | 7.0 |
| wouter_verhelst | nbd | * |
| wouter_verhelst | nbd | 3.1 |
| wouter_verhelst | nbd | 2.9.21 |
| wouter_verhelst | nbd | 2.8.6 |
| wouter_verhelst | nbd | 2.9.1 |
| wouter_verhelst | nbd | 2.9.2 |
| wouter_verhelst | nbd | 2.9.5 |
| wouter_verhelst | nbd | 3.3 |
| wouter_verhelst | nbd | 2.8.2 |
| wouter_verhelst | nbd | 3.1.1 |
| wouter_verhelst | nbd | 2.9.15 |
| wouter_verhelst | nbd | 2.9.25 |
| wouter_verhelst | nbd | 3.0 |
| wouter_verhelst | nbd | 2.9.20 |
| wouter_verhelst | nbd | 2.8.0 |
| wouter_verhelst | nbd | 3.2 |
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wouter_verhelst | nbd | 2.9.9 |
| wouter_verhelst | nbd | 2.9.3 |
| wouter_verhelst | nbd | 3.1 |
| wouter_verhelst | nbd | 2.9.5 |
| wouter_verhelst | nbd | 2.9.7 |
| wouter_verhelst | nbd | 2.9.23 |
| wouter_verhelst | nbd | 3.3 |
| wouter_verhelst | nbd | 2.9.4 |
| wouter_verhelst | nbd | 2.9.6 |
| wouter_verhelst | nbd | 2.9.22 |
| wouter_verhelst | nbd | 3.1.1 |
| wouter_verhelst | nbd | 2.9.25 |
| wouter_verhelst | nbd | 3.0 |
| wouter_verhelst | nbd | 2.9.8 |
| wouter_verhelst | nbd | 2.9.24 |
| wouter_verhelst | nbd | 3.2 |
nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.04 |
| wouter_verhelst | nbd | * |