Vulnerabilities > CVE-2013-7441 - Resource Management Errors vulnerability in Wouter Verhelst NBD
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2676-1.NASL description It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-6410) Tuomas Rasanen discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-7441) Tuomas Rasanen discovered that NBD incorrectly handled signals. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. (CVE-2015-0847). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84958 published 2015-07-23 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84958 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : nbd vulnerabilities (USN-2676-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3271.NASL description Tuomas Rasanen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service. Tuomas Rasanen also discovered that the modern-style negotiation was carried out in the main server process before forking the actual client handler. This could allow a remote attacker to cause a denial of service (crash) by querying a non-existent export. This issue only affected the oldstable distribution (wheezy). last seen 2020-06-01 modified 2020-06-02 plugin id 83788 published 2015-05-26 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83788 title Debian DSA-3271-1 : nbd - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-393.NASL description - Fix CVE-2013-7441 (boo#931987) - CVE-2013-7441.patch - Fix CVE-2015-0847 (boo#930173) - nbd_signaling_CVE-2015-0847.patch last seen 2020-06-05 modified 2015-06-04 plugin id 83981 published 2015-06-04 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83981 title openSUSE Security Update : nbd (openSUSE-2015-393)
References
- http://lists.opensuse.org/opensuse-updates/2015-06/msg00003.html
- http://sourceforge.net/p/nbd/mailman/message/30410146/
- http://www.debian.org/security/2015/dsa-3271
- http://www.openwall.com/lists/oss-security/2015/05/19/6
- http://www.openwall.com/lists/oss-security/2015/05/21/5
- http://www.securityfocus.com/bid/74808
- http://www.ubuntu.com/usn/USN-2676-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781547
- https://github.com/yoe/nbd/commit/741495cb08503fd32a9d22648e63b64390c601f4