Info

Disclosure

Dec 21, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Network Block Device (NBD). The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 2.7.6 or 2.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Pavel Machek	Network Block Device (NBD)	2.8.2
		2.7.5

References

Bugtraq ID: 16029
Secunia Advisory ID: 18135 18171 18209 18315 18503 43353 43610 44115
CVE ID: 2005-3534 (see also: NVD) 2011-0530 (see also: NVD)
Vendor Specific News/Changelog Entry: http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054071.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054083.html
http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229
http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229
Other Advisory URL: http://lists.ubuntu.com/archives/ubuntu-security-announce/2006-January/000268.html
http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml
http://www.novell.com/linux/security/advisories/2006_01_sr.html
Vendor URL: http://nbd.sourceforge.net/
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-924
http://www.debian.org/security/2011/dsa-2183
https://hermes.opensuse.org/messages/8086846
https://hermes.opensuse.org/messages/8086862

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/21848

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Pavel Machek

Network Block Device (NBD)

References

Credit