Launchpad.net

CVE 2005-3534

Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.

Related bugs and status

CVE-2005-3534 (Candidate) is related to these bugs:

Bug #718300: CVE-2011-0530

		In	Importance	Status
718300	CVE-2011-0530	nbd (Ubuntu)	Undecided	Fix Released
718300	CVE-2011-0530	nbd (Ubuntu Natty)	Undecided	Fix Released
718300	CVE-2011-0530	nbd (Ubuntu Hardy)	Medium	Fix Released
718300	CVE-2011-0530	nbd (Ubuntu Karmic)	Medium	Won't Fix
718300	CVE-2011-0530	nbd (Ubuntu Maverick)	Medium	Fix Released
718300	CVE-2011-0530	nbd (Ubuntu Lucid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.gentoo.org...
DEBIAN: DSA-924
GENTOO: GLSA-200512-14
BID: 16029
OSVDB: 21848
SECUNIA: 18135
SECUNIA: 18171
SECUNIA: 18209
SECUNIA: 18315
SECUNIA: 18503
SUSE: SUSE-SR:2006:001
SECUNIA: 43353
SECUNIA: 43610
MISC: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
UBUNTU: USN-237-1