Executive Summary
Summary | |
---|---|
Title | New nbd packages fix potential arbitrary code execution |
Information | |||
---|---|---|---|
Name | DSA-924 | First vendor Publication | 2005-12-21 |
Vendor | Debian | Last vendor Modification | 2005-12-21 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Kurt Fitzner discovered a buffer overflow in nbd, the network block device client and server that could potentially allow arbitrary code on the NBD server. For the old stable distribution (woody) this problem has been fixed in version 1.2cvs20020320-3.woody.3. For the stable distribution (sarge) this problem has been fixed in version 2.7.3-3sarge1. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your nbd-server package. |
Original Source
Url : http://www.debian.org/security/2005/dsa-924 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12714 | |||
Oval ID: | oval:org.mitre.oval:def:12714 | ||
Title: | DSA-2183-1 nbd -- buffer overflow | ||
Description: | It was discovered a regression of a buffer overflow in nbd, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2183-1 CVE-2011-0530 CVE-2005-3534 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nbd |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Debian Security Advisory DSA 2183-1 (nbd) File : nvt/deb_2183_1.nasl |
2011-02-18 | Name : Fedora Update for nbd FEDORA-2011-1097 File : nvt/gb_fedora_2011_1097_nbd_fc13.nasl |
2011-02-18 | Name : Fedora Update for nbd FEDORA-2011-1108 File : nvt/gb_fedora_2011_1108_nbd_fc14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200512-14 (NBD) File : nvt/glsa_200512_14.nasl |
2008-09-04 | Name : FreeBSD Ports: nbd-server File : nvt/freebsd_nbd-server.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 924-1 (nbd) File : nvt/deb_924_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73463 | Network Block Device nbd-server.c mainloop Function Remote Overflow |
21848 | Network Block Device (NBD) Server Request Handling Remote Overflow A remote overflow exists in Network Block Device (NBD). The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-03-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2183.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1097.nasl - Type : ACT_GATHER_INFO |
2011-02-16 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1108.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-924.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_43770b1c72f611da8c1d000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
2005-12-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200512-14.nasl - Type : ACT_GATHER_INFO |
2005-12-24 | Name : The remote service is affected by a buffer overflow vulnerability. File : nbd_bufsize_overflow.nasl - Type : ACT_DENIAL |
Alert History
Date | Information |
---|---|
2014-02-17 11:34:44 |