Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-3534

Published: 22/12/2005 Updated: 03/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Wouter Verhelst

Vulnerability Summary

Buffer overflow in the Network Block Device (nbd) server 2.7.5 and previous versions, and 2.8.0 up to and including 2.8.2, allows remote malicious users to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.

Vulnerable Product Search on Vulmon Subscribe to Product

wouter verhelst nbd 2.8.0

wouter verhelst nbd 2.8.2

wouter verhelst nbd

Vendor Advisories

Debian CVElist Bug Report Logs: nbd-server dies due to EFAULT from read
Debian Bug report logs - #611187 nbd-server dies due to EFAULT from read Package: nbd-server; Maintainer for nbd-server is Wouter Verhelst <wouter@debianorg>; Source for nbd-server is src:nbd (PTS, buildd, popcon) Reported by: Ian Jackson <IanJackson@eucitrixcom> Date: Wed, 26 Jan 2011 15:03:02 UTC Severity: ser ...
Debian Security Advisories: DSA-2183-1 nbd -- buffer overflow
It was discovered a regression of a buffer overflow (CVE-2005-3534) in NBD, the Network Block Device server, that could allow arbitrary code execution on the NBD server via a large request For the oldstable distribution (lenny), this problem has been fixed in version 1:2911-3lenny1 The stable distribution (squeeze), the testing distribution (wh ...
Debian Security Advisories: DSA-924-1 nbd -- buffer overflow
Kurt Fitzner discovered a buffer overflow in nbd, the network block device client and server that could potentially allow arbitrary code on the NBD server For the old stable distribution (woody) this problem has been fixed in version 12cvs20020320-3woody3 For the stable distribution (sarge) this problem has been fixed in version 273-3sarge1 ...

References

CWE-119http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388http://www.debian.org/security/2005/dsa-924http://www.securityfocus.com/bid/16029http://secunia.com/advisories/18135http://secunia.com/advisories/18171http://bugs.gentoo.org/show_bug.cgi?id=116314http://www.gentoo.org/security/en/glsa/glsa-200512-14.xmlhttp://www.osvdb.org/21848http://secunia.com/advisories/18209http://secunia.com/advisories/18315http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229http://secunia.com/advisories/18503http://secunia.com/advisories/43353http://secunia.com/advisories/43610https://usn.ubuntu.com/237-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611187https://nvd.nist.govhttps://www.debian.org/security/./dsa-2183
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook