Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 19 Aug 2013 14:18:35 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/16/2013 12:44 AM, Hamid Zamani wrote:
Hello,

recently i reported some vulnerabilities in Network Audio System
(NAS) - v1.9.3

These vulnerabilities reported at :

http://radscan.com/pipermail/nas/2013-August/001270.html

and 3 fix on upstream :

https://sourceforge.net/p/nas/code/288/ 
https://sourceforge.net/p/nas/code/287/tree//trunk/server/os/utils.c?diff=517ad7dc2718467b12eafbad:286


https://sourceforge.net/p/nas/code/289/tree//trunk/server/os/connection.c?diff=517ad7dc2718467b12eafbad:288

is it possible to assign a CVE for these ?

Thank you


Ok so we got a total of three kinds of vulns, so same
version/researcher I'm CVE MERGEing them:

Buffer Overflows please use CVE-2013-4256
Heap Overflow please use CVE-2013-4257
Format String please use CVE-2013-4258

As for "Possible Race Condition and symlink attack:" can we confirm
it's a security issue?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSEn2bAAoJEBYNRVNeJnmTvlwP/Rt7ANxxSsEybZd77UMs/Nms
HDTRrOWzXq4etxSwO9bDQca6GxCfs58IzJk9WoTDGnVoTagMl2cQJQ/IAIEbL/ty
IbLa6iaLF2Ovi3PFH22M/X5ui8rXvymfRiz1k1zI52+lKPo9yWxxhSSNAVaaD+LE
k2MP+ZCckVlzKbrvSubHkntTQszKkOPZkVw1LSUnw8y0Gg9gqmqZM2uPcrG4RgiH
ECBavkSxumGd2TvzCusD+QAYHgYsGDWJ1VBx1QZx/ZgLnPOsa9cVk5er59b1e2cf
LVxPiC9USQRISr//Amb5NYktojbSYZUt6YTEknsdyu9PasjEbS4zF5iBqn0d57BI
PpfABLItMg/7loz1+eUk02BkgaHIYajJVVnrOwcGOxtiqrJM9JtvSW280cJ6TCOZ
ZDio2Rnmf0CFIPYzAG6MegQ/cXn53AyS5r114Ge5PEw50wGK19SIsNAzOMXOoj1P
gi34o10PID0DxX7MY5aVDBOLqiWnrq7w4y6gsi20JrebZMivZvRtHv8QjdNURdxH
tkceuAs8S3g7tsCZNjn3nnQ35l/wsp9ouWCyiZhlbWFIbX+YBR8tSGkylSVyS4eo
FWksNykZT3wwE9BbSUKk0bEGSLrmFahU/t0r5QoGVWPDfvbjQPKShX3aGENSir8t
9LAJqDk+MPb78WE/bMjU
=qxsJ
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]