Computer Security
[EN] securityvulns.ru no-pyccku


Network Audio System security vulnerabilities
updated since 02.10.2013
Published:12.10.2013
Source:
SecurityVulns ID:13300
Type:remote
Threat Level:
5/10
Description:Code execution, Denial of service.
Affected:NAS : nas 1.9
CVE:CVE-2013-4258 (Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.)
 CVE-2013-4257 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4256. Reason: This issue was MERGED into CVE-2013-4256 because it is the same type of vulnerability. Notes: All CVE users should reference CVE-2013-4256 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2771-1] nas security update (12.10.2013)
 documentUBUNTU, [USN-1986-1] Network Audio System (NAS) vulnerabilities (02.10.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod