NAS v1.9.3 Multiple Vulnerabilities

2013.08.20
Credit: Hamid Zamani
Risk: High
Local: No
Remote: Yes
CVE: CVE-2013-4256 | CVE-2013-4257 | CVE-2013-4258
CWE: N/A

NAS v1.9.3 Multiple Vulnerabilities Author : Ashiyane Digital Security Team Package : NAS ( Network Audio System) Version : 1.9.3 Software Link : https://sourceforge.net/projects/nas/ Vendor : http://radscan.com/nas.html CVEs : CVE-2013-4256, CVE-2013-4257, CVE-2013-4258 Package Description : The Network Audio System is a network transparent, client/server audio transport system. It can be described as the audio equivalent of an X server. Vulnerabilities details : Recently several security flaws were discovered in latest version of `nasd` as explained briefly at the following link : http://radscan.com/pipermail/nas/2013-August/001270.html Fixes on Upstream : https://sourceforge.net/p/nas/code/288/ https://sourceforge.net/p/nas/code/287/tree//trunk/server/os/utils.c?diff=517ad7dc2718467b12eafbad:286 https://sourceforge.net/p/nas/code/289/tree//trunk/server/os/connection.c?diff=517ad7dc2718467b12eafbad:288 TimeLine : 2013/08/07 - Vulnerabilities Discovered 2013/08/07 - Vendor notified 2013/08/07 | 15 - Vendor provided fixes 2013/08/20 - Published Solution : Fixed version will be ready soon. Links : http://radscan.com/pipermail/nas/2013-August/001270.html http://www.openwall.com/lists/oss-security/2013/08/16/2 https://sourceforge.net/p/nas/code/288/ # Discovered and Reported By : Hamid Zamani (aka HAMIDx9)

References:

http://radscan.com/pipermail/nas/2013-August/001270.html
http://www.openwall.com/lists/oss-security/2013/08/16/2
https://sourceforge.net/p/nas/code/288/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top