 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2013-4256 |
| Description: | Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4256 61848 http://www.securityfocus.com/bid/61848 DSA-2771 http://www.debian.org/security/2013/dsa-2771 USN-1986-1 http://www.ubuntu.com/usn/USN-1986-1 [nas] 20130807 nas: Multiple Vulnerabilities in nas 1.9.3 http://radscan.com/pipermail/nas/2013-August/001270.html [oss-security] 20130816 CVE Request : NAS v1.9.3 multiple Vulnerabilites http://www.openwall.com/lists/oss-security/2013/08/16/2 [oss-security] 20130819 Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites http://www.openwall.com/lists/oss-security/2013/08/19/3 http://sourceforge.net/p/nas/code/288 http://sourceforge.net/p/nas/code/288 |