Test ID: | 1.3.6.1.4.1.25623.1.0.58325 |
Category: | Debian Local Security Checks |
Title: | Debian: Security Advisory (DSA-1273-1) |
Summary: | The remote host is missing an update for the Debian 'nas' package(s) announced via the DSA-1273-1 advisory. |
Description: |
Summary: The remote host is missing an update for the Debian 'nas' package(s) announced via the DSA-1273-1 advisory.

Vulnerability Insight: Several vulnerabilities have been discovered in nas, the Network Audio System.

CVE-2007-1543: A stack-based buffer overflow in the accept_att_local function in server/os/connection.c in nas allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

CVE-2007-1544: An integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.

CVE-2007-1545: The AddResource function in server/dia/resource.c allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.

CVE-2007-1546: An array index error allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.

CVE-2007-1547: The ReadRequestFromClient function in server/os/io.c allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

For the stable distribution (sarge), these problems have been fixed in version 1.7-2sarge1.

For the upcoming stable distribution (etch) and the unstable distribution (sid) these problems have been fixed in version 1.8-4.

We recommend that you upgrade your nas package.

Affected Software/OS: 'nas' package(s) on Debian 3.1.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-1543
BugTraq ID: 23017
http://www.securityfocus.com/bid/23017
Bugtraq: 20070403 FLEA-2007-0007-1: nas
http://www.securityfocus.com/archive/1/464606/30/7230/threaded
Debian Security Information: DSA-1273
http://www.debian.org/security/2007/dsa-1273
http://security.gentoo.org/glsa/glsa-200704-20.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:065
http://aluigi.altervista.org/adv/nasbugs-adv.txt
http://www.securitytracker.com/id?1017822
http://secunia.com/advisories/24527
http://secunia.com/advisories/24601
http://secunia.com/advisories/24628
http://secunia.com/advisories/24638
http://secunia.com/advisories/24783
http://secunia.com/advisories/24980
http://www.ubuntu.com/usn/usn-446-1
http://www.vupen.com/english/advisories/2007/0997
XForce ISS Database: nas-uslsocket-bo(33047)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33047

Common Vulnerability Exposure (CVE) ID: CVE-2007-1544
XForce ISS Database: nas-procauwriteelement-dos(33051)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33051

Common Vulnerability Exposure (CVE) ID: CVE-2007-1545
XForce ISS Database: nas-addresource-dos(33050)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33050

Common Vulnerability Exposure (CVE) ID: CVE-2007-1546
XForce ISS Database: nas-compileinputs-dos(33055)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33055
XForce ISS Database: nas-procausetelements-dos(33054)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33054

Common Vulnerability Exposure (CVE) ID: CVE-2007-1547
XForce ISS Database: nas-readrequestfromclient-dos(33059)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33059 |
Copyright | Copyright (C) 2008 Greenbone AG |