Vulnerability Details CVE-2013-6410
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://sourceforge.net/mailarchive/forum.php?thread_name=529BAA58.2080401%40uter.be&forum_name=nbd-general
- http://www.debian.org/security/2013/dsa-2806
- http://www.openwall.com/lists/oss-security/2013/11/29/4
- http://www.securityfocus.com/bid/64002
- http://www.ubuntu.com/usn/USN-2676-1
- http://sourceforge.net/mailarchive/forum.php?thread_name=529BAA58.2080401%40uter.be&forum_name=nbd-general
- http://www.debian.org/security/2013/dsa-2806
- http://www.openwall.com/lists/oss-security/2013/11/29/4
- http://www.securityfocus.com/bid/64002
- http://www.ubuntu.com/usn/USN-2676-1
Products affected by CVE-2013-6410
-
cpe:2.3:a:wouter_verhelst:nbd:2.7.5
-
cpe:2.3:a:wouter_verhelst:nbd:2.8.0
-
cpe:2.3:a:wouter_verhelst:nbd:2.8.2
-
cpe:2.3:a:wouter_verhelst:nbd:2.8.4
-
cpe:2.3:a:wouter_verhelst:nbd:2.8.5
-
cpe:2.3:a:wouter_verhelst:nbd:2.8.6
-
cpe:2.3:a:wouter_verhelst:nbd:2.8.7
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.0
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.1
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.10
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.11
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.12
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.13
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.14
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.15
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.16
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.17
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.18
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.19
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.2
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.20
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.21
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.22
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.23
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.24
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.25
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.3
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.4
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.5
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.6
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.7
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.8
-
cpe:2.3:a:wouter_verhelst:nbd:2.9.9
-
cpe:2.3:a:wouter_verhelst:nbd:3.0
-
cpe:2.3:a:wouter_verhelst:nbd:3.1
-
cpe:2.3:a:wouter_verhelst:nbd:3.1.1
-
cpe:2.3:a:wouter_verhelst:nbd:3.2
-
cpe:2.3:a:wouter_verhelst:nbd:3.3
-
cpe:2.3:a:wouter_verhelst:nbd:3.4
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.10
-
cpe:2.3:o:canonical:ubuntu_linux:15.04
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:7.0