Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3534

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3534
Last Modified 02 Jun 2011 12:00:00
Published 22 Dec 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3534

Summary

Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.

Vulnerable Systems

Application

  • Wouter Verhelst Nbd 2.7.5

  • Wouter Verhelst Nbd 2.8.0

  • Wouter Verhelst Nbd 2.8.2


References

UBUNTU - USN-237-1

BID - 16029

OSVDB - 21848

GENTOO - GLSA-200512-14

DEBIAN - DSA-924

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229

SECUNIA - 18315

SECUNIA - 18209

SECUNIA - 18171

MISC - http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388

SECUNIA - 43610

SECUNIA - 43353

SECUNIA - 18503

SECUNIA - 18135

MISC - http://bugs.gentoo.org/show_bug.cgi?id=116314


Last Updated: 27 May 2016 10:40:57