Multiple buffer overflows and a race condition was discovered in NAS version 1.9.3
bdc95b52146e98c1147378f55a2740e3Title : Nas v1.9.3 Multiple Vulnerabilites
Author : Ashiyane Digital Security Team
Package : NAS ( Network Audio System)
Version : 1.9.3
Software Link : https://sourceforge.net/projects/nas/
Vendor : http://radscan.com/nas.html
CVEs : CVE-2013-4256, CVE-2013-4257, CVE-2013-4258
Package Description :
The Network Audio System is a network transparent, client/server audio transport system. It can be described as the audio equivalent of an X server.
Vulnerabilities details :
Recently several security flaws were discovered in latest version of `nasd` as explained briefly at the following link :
http://radscan.com/pipermail/nas/2013-August/001270.html
Fixes on Upstream :
https://sourceforge.net/p/nas/code/288/
https://sourceforge.net/p/nas/code/287/tree//trunk/server/os/utils.c?diff=517ad7dc2718467b12eafbad:286
https://sourceforge.net/p/nas/code/289/tree//trunk/server/os/connection.c?diff=517ad7dc2718467b12eafbad:288
TimeLine :
2013/08/07 - Vulnerabilities Discovered
2013/08/07 - Vendor notified
2013/08/07 | 15 - Vendor provided fixes
2013/08/20 - Published
Solution :
Fixed version will be ready soon.
Links :
http://radscan.com/pipermail/nas/2013-August/001270.html
http://www.openwall.com/lists/oss-security/2013/08/16/2
https://sourceforge.net/p/nas/code/288/
# Discovered and Reported By : Hamid Zamani (aka HAMIDx9)
© 2015 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!