CVE-2013-6410
Ubuntu Security Notice USN-2676-1
Severity Score
Exploit Likelihood
Affected Versions
45Public Exploits
0Exploited in Wild
-Decision
Descriptions
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.
nbd-server en Network Block Device (nbd) anteriores a 3.5 no comprueba correctamente direcciones IP, lo cual podría permitir a atacantes remotos sortear restricciones de acceso intencionadas a través de una dirección IP con una coincidencia parcial en el fichero de configuración authfile.
It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. Tuomas discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-11-04 CVE Reserved
- 2013-12-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-securit... | Mailing List |
|
| http://www.securityfocus.com/bid/64002 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2013/dsa-2806 | 2016-11-28 | |
| http://www.ubuntu.com/usn/USN-2676-1 | 2016-11-28 |