CVE-2013-6410 — NBD vulnerability

CWE-2647 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 44.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wouter Verhelst NBD Debian NBD Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 7

Latest updateMay 17

Description

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/nbd< nbd 1:3.5-1 (bookworm)

▶Debianwouter_verhelst/nbd< 1:3.5-1+3

▶Ubuntuwouter_verhelst/nbd< 1:3.7-1ubuntu0.1

▶NVDwouter_verhelst/nbd3.4+38

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-m347-4hpq-mfpc: nbd-server in Network Block Device (nbd) before 3↗2022-05-17

▶

OSV

nbd vulnerabilities↗2015-07-22

▶

OSV

CVE-2013-6410: nbd-server in Network Block Device (nbd) before 3↗2013-12-07

▶

📋Vendor Advisories

Ubuntu

NBD vulnerabilities↗2015-07-22

▶

Debian

CVE-2013-6410: nbd - nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP a...↗2013

▶

💬Community

Bugzilla

CVE-2013-6410 nbd: incorrect parsing of access control file in nbd-server↗2013-11-29

▶