Summary
It was discovered that nbd-server, the server for the Network Block Device protocol, parsed its access control lists incorrectly, allowing access from any host whose IP address shares a prefix with an allowed address.
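The class of matching flaw described above, shown beside a hardened form. This is an added illustration, not nbd-server's own code: the function names, the ACL entry form with an optional "/bits" mask (which goes beyond what this page states) and the sample addresses from the 192.0.2.0/24 documentation range are assumptions constructed for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flawed pattern (hypothetical): compare only strlen(entry) characters, so
 * any client address that merely starts with the entry is accepted. */
int acl_match_prefix(const char *entry, const char *client)
{
    return strncmp(entry, client, strlen(entry)) == 0;
}

/* Hardened pattern (hypothetical): parse both sides as IPv4 and compare the
 * binary addresses under an optional "/bits" mask (default /32). */
int acl_match_parsed(const char *entry, const char *client)
{
    char host[INET_ADDRSTRLEN];
    struct in_addr net, addr;
    unsigned long bits = 32;
    const char *slash = strchr(entry, '/');
    size_t len = slash ? (size_t)(slash - entry) : strlen(entry);

    if (len >= sizeof host)
        return 0;
    memcpy(host, entry, len);
    host[len] = '\0';
    if (slash) {
        char *end;
        if (slash[1] < '0' || slash[1] > '9')
            return 0;                       /* reject "/", "/-1", "/ 8" */
        bits = strtoul(slash + 1, &end, 10);
        if (*end != '\0' || bits > 32)
            return 0;
    }
    if (inet_pton(AF_INET, host, &net) != 1 ||
        inet_pton(AF_INET, client, &addr) != 1)
        return 0;                           /* malformed input never matches */
    uint32_t mask = bits ? htonl(0xFFFFFFFFu << (32 - bits)) : 0;
    return (net.s_addr & mask) == (addr.s_addr & mask);
}

int main(void)
{
    /* Constructed sample: the ACL lists 192.0.2.1, the client is 192.0.2.10 */
    printf("prefix: %d\n", acl_match_prefix("192.0.2.1", "192.0.2.10"));
    printf("parsed: %d\n", acl_match_parsed("192.0.2.1", "192.0.2.10"));
    return 0;
}
```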
Solution
For the oldstable distribution (squeeze), this problem has been fixed in version 1:2.9.16-8+squeeze1.
For the stable distribution (wheezy), this problem has been fixed in version 1:3.2-4~deb7u4.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your nbd packages.
Affected
nbd on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Classification
CVE: CVE-2013-6410
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P