{"id":"USN-2676-1","summary":"nbd vulnerabilities","details":"It was discovered that NBD incorrectly handled IP address matching. A\nremote attacker could use this issue with an IP address that has a partial\nmatch and bypass access restrictions. This issue only affected\nUbuntu 12.04 LTS. (CVE-2013-6410)\n\nTuomas Räsänen discovered that NBD incorrectly handled wrong export names\nand closed connections during negotiation. A remote attacker could use this\nissue to cause NBD to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS. (CVE-2013-7441)\n\nTuomas Räsänen discovered that NBD incorrectly handled signals. A remote\nattacker could use this issue to cause NBD to crash, resulting in a denial\nof service. (CVE-2015-0847)\n","modified":"2026-02-10T04:40:54Z","published":"2015-07-22T17:04:49Z","related":["UBUNTU-CVE-2015-0847"],"upstream":["CVE-2013-6410","CVE-2013-7441","CVE-2015-0847","UBUNTU-CVE-2013-6410","UBUNTU-CVE-2013-7441","UBUNTU-CVE-2015-0847"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2676-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-6410"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-7441"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0847"}],"affected":[{"package":{"name":"nbd","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/nbd@1:3.7-1ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.7-1ubuntu0.1"}]}],"versions":["1:3.3-3ubuntu1","1:3.4-1ubuntu1","1:3.4-2ubuntu1","1:3.5-1ubuntu1","1:3.6-1ubuntu1","1:3.7-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:3.7-1ubuntu0.1","binary_name":"nbd-client"},{"binary_version":"1:3.7-1ubuntu0.1","binary_name":"nbd-server"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2676-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0847"}]}}}],"schema_version":"1.7.3"}