Computer Security
[EN] securityvulns.ru no-pyccku


Network Audio System DoS
Published:22.03.2007
Source:
SecurityVulns ID:7442
Type:remote
Affected:NAS : Network Audio System 1.8
CVE:CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.)
 CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.)
 CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.)
 CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.)
 CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.)
Original documentdocumentSECURITEAM, [NEWS] Multiple Vulnerabilities In NAS (22.03.2007)
Files:Exploits Network Audio System <= 1.8a (svn 231) multiple vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod