CVE-2005-3534 - Vulnerability Details - OpenCVE

Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wouter Verhelst	Nbd

Configuration 1 [-]

OR	cpe:2.3:a:wouter_verhelst:nbd::::::::
	cpe:2.3:a:wouter_verhelst:nbd:2.8.0:::::::*
	cpe:2.3:a:wouter_verhelst:nbd:2.8.2:::::::*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=116314
http://secunia.com/advisories/18135
http://secunia.com/advisories/18171
http://secunia.com/advisories/18209
http://secunia.com/advisories/18315
http://secunia.com/advisories/18503
http://secunia.com/advisories/43353
http://secunia.com/advisories/43610
http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388
http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229
http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229
http://www.debian.org/security/2005/dsa-924
http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml
http://www.osvdb.org/21848
http://www.securityfocus.com/bid/16029
https://usn.ubuntu.com/237-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2005-12-22T21:00:00

Updated: 2024-08-07T23:17:22.827Z

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3534

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-12-22T21:03:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-3534

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "43610", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43610"}, {"name": "18503", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18503"}, {"name": "DSA-924", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-924"}, {"name": "21848", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21848"}, {"name": "18209", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18209"}, {"name": "USN-237-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/237-1/"}, {"name": "18171", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18171"}, {"name": "16029", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16029"}, {"name": "18135", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18135"}, {"name": "GLSA-200512-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229"}, {"tags": ["x_refsource_MISC"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=116314"}, {"name": "43353", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43353"}, {"name": "18315", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18315"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2005-3534", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43610", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43610"}, {"name": "18503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18503"}, {"name": "DSA-924", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-924"}, {"name": "21848", "refsource": "OSVDB", "url": "http://www.osvdb.org/21848"}, {"name": "18209", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18209"}, {"name": "USN-237-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/237-1/"}, {"name": "18171", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18171"}, {"name": "16029", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16029"}, {"name": "18135", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18135"}, {"name": "GLSA-200512-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229"}, {"name": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388", "refsource": "MISC", "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=116314", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=116314"}, {"name": "43353", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43353"}, {"name": "18315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18315"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:17:22.827Z"}, "title": "CVE Program Container", "references": [{"name": "43610", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43610"}, {"name": "18503", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18503"}, {"name": "DSA-924", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2005/dsa-924"}, {"name": "21848", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/21848"}, {"name": "18209", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18209"}, {"name": "USN-237-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/237-1/"}, {"name": "18171", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18171"}, {"name": "16029", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16029"}, {"name": "18135", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18135"}, {"name": "GLSA-200512-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=116314"}, {"name": "43353", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43353"}, {"name": "18315", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18315"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-3534", "datePublished": "2005-12-22T21:00:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:22.827Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wouter_verhelst:nbd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E963ACA0-8AA5-4C12-A66F-B0308C682989", "versionEndIncluding": "2.7.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wouter_verhelst:nbd:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "54469EAE-B59D-46F0-95D6-C7A3E1A5783E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wouter_verhelst:nbd:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "24C9D230-C76A-42B7-8C28-CEECAB2DF91E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header."}], "id": "CVE-2005-3534", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-22T21:03:00.000", "references": [{"source": "security@debian.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=116314"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18135"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18171"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18209"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18315"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18503"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/43353"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/43610"}, {"source": "security@debian.org", "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2005/dsa-924"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.osvdb.org/21848"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16029"}, {"source": "security@debian.org", "url": "https://usn.ubuntu.com/237-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=116314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18503"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43353"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2005/dsa-924"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.osvdb.org/21848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/237-1/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}