MidnightBSD

Advisories for wouter_verhelst

CVE-2005-3534 HIGH

Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
wouter_verhelst nbd 2.8.2
wouter_verhelst nbd 2.8.0
wouter_verhelst nbd *
CVE-2011-0530 HIGH

Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
wouter_verhelst nbd 2.9.17
wouter_verhelst nbd 2.9.9
wouter_verhelst nbd 2.9.11
wouter_verhelst nbd 2.9.0
wouter_verhelst nbd 2.9.12
wouter_verhelst nbd 2.9.3
wouter_verhelst nbd 2.9.16
wouter_verhelst nbd *
wouter_verhelst nbd 2.9.13
wouter_verhelst nbd 2.9.18
wouter_verhelst nbd 2.9.1
wouter_verhelst nbd 2.9.2
wouter_verhelst nbd 2.9.5
wouter_verhelst nbd 2.9.7
wouter_verhelst nbd 2.9.4
wouter_verhelst nbd 2.9.6
wouter_verhelst nbd 2.9.14
wouter_verhelst nbd 2.9.15
wouter_verhelst nbd 2.9.10
wouter_verhelst nbd 2.9.8
CVE-2011-1925 MEDIUM

nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
wouter_verhelst nbd *
CVE-2013-6410 HIGH

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
wouter_verhelst nbd 2.8.7
debian debian_linux 6.0
canonical ubuntu_linux 14.10
wouter_verhelst nbd 2.7.5
wouter_verhelst nbd 2.9.9
wouter_verhelst nbd 2.9.0
wouter_verhelst nbd 2.9.3
wouter_verhelst nbd 2.8.4
wouter_verhelst nbd 2.9.13
wouter_verhelst nbd 2.9.18
wouter_verhelst nbd 2.9.7
wouter_verhelst nbd 2.9.23
wouter_verhelst nbd 2.9.4
wouter_verhelst nbd 2.9.6
wouter_verhelst nbd 2.9.22
canonical ubuntu_linux 12.04
wouter_verhelst nbd 2.9.14
wouter_verhelst nbd 2.9.10
wouter_verhelst nbd 2.9.8
canonical ubuntu_linux 15.04
wouter_verhelst nbd 2.9.24
wouter_verhelst nbd 2.8.5
wouter_verhelst nbd 2.9.17
wouter_verhelst nbd 2.9.11
wouter_verhelst nbd 2.9.19
wouter_verhelst nbd 2.9.12
wouter_verhelst nbd 2.9.16
debian debian_linux 7.0
wouter_verhelst nbd *
wouter_verhelst nbd 3.1
wouter_verhelst nbd 2.9.21
wouter_verhelst nbd 2.8.6
wouter_verhelst nbd 2.9.1
wouter_verhelst nbd 2.9.2
wouter_verhelst nbd 2.9.5
wouter_verhelst nbd 3.3
wouter_verhelst nbd 2.8.2
wouter_verhelst nbd 3.1.1
wouter_verhelst nbd 2.9.15
wouter_verhelst nbd 2.9.25
wouter_verhelst nbd 3.0
wouter_verhelst nbd 2.9.20
wouter_verhelst nbd 2.8.0
wouter_verhelst nbd 3.2
CVE-2013-7441 HIGH

The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
wouter_verhelst nbd 2.9.9
wouter_verhelst nbd 2.9.3
wouter_verhelst nbd 3.1
wouter_verhelst nbd 2.9.5
wouter_verhelst nbd 2.9.7
wouter_verhelst nbd 2.9.23
wouter_verhelst nbd 3.3
wouter_verhelst nbd 2.9.4
wouter_verhelst nbd 2.9.6
wouter_verhelst nbd 2.9.22
wouter_verhelst nbd 3.1.1
wouter_verhelst nbd 2.9.25
wouter_verhelst nbd 3.0
wouter_verhelst nbd 2.9.8
wouter_verhelst nbd 2.9.24
wouter_verhelst nbd 3.2
CVE-2015-0847 HIGH

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.04
wouter_verhelst nbd *