Vulnerability Description
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.
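A partial match of this kind typically arises when an access-list entry is compared to the client address as a string prefix instead of as a parsed address. The C example below is added here for illustration and is not nbd-server's code: the function names and addresses are constructed, the prefix comparison is an assumed shape of the flaw, and the hardened variant also accepts address/prefix-length entries as a generalisation (IPv4 only).

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak check (assumed shape of the flaw): the entry only has to be a string
 * prefix of the client address, so "192.0.2.1" also admits 192.0.2.15. */
static int allowed_prefix(const char *entry, const char *client)
{
    return strncmp(entry, client, strlen(entry)) == 0;
}

/* Hardened check: parse both sides and compare binary addresses under the
 * entry's mask. An entry without "/len" must match all 32 bits. */
static int allowed_exact(const char *entry, const char *client)
{
    char buf[INET_ADDRSTRLEN + 4];   /* room for "a.b.c.d/NN" */
    struct in_addr net, addr;
    unsigned long bits = 32;
    uint32_t mask;
    char *slash, *end;

    if (strlen(entry) >= sizeof(buf))
        return 0;                    /* too long to be a valid entry */
    strcpy(buf, entry);
    slash = strchr(buf, '/');
    if (slash) {
        *slash = '\0';
        bits = strtoul(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits > 32)
            return 0;                /* malformed prefix length: deny */
    }
    if (inet_pton(AF_INET, buf, &net) != 1 ||
        inet_pton(AF_INET, client, &addr) != 1)
        return 0;                    /* unparsable address: deny */
    mask = bits ? htonl(0xFFFFFFFFu << (32 - bits)) : 0;
    return (net.s_addr & mask) == (addr.s_addr & mask);
}

int main(void)
{
    /* Constructed addresses from the documentation ranges. */
    printf("prefix=%d exact=%d\n",
           allowed_prefix("192.0.2.1", "192.0.2.15"),
           allowed_exact("192.0.2.1", "192.0.2.15"));
    return 0;
}
```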
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wouter Verhelst | Nbd | <= 3.4 |
| Debian | Debian Linux | 6.0 |
| Canonical | Ubuntu Linux | 12.04 |
Related Weaknesses (CWE)
References
- http://sourceforge.net/mailarchive/forum.php?thread_name=529BAA58.2080401%40uter (Patch)
- http://www.debian.org/security/2013/dsa-2806 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2013/11/29/4 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/64002
- http://www.ubuntu.com/usn/USN-2676-1 (Third Party Advisory)
FAQ
What is CVE-2013-6410?
CVE-2013-6410 is a vulnerability with a CVSS score of 7.5 (HIGH). nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial...
How severe is CVE-2013-6410?
CVE-2013-6410 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6410?
Check the references section above for vendor advisories and patch information. Affected products include: Wouter Verhelst Nbd, Debian Debian Linux, Canonical Ubuntu Linux.