FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-4256

This CVE name corresponds to:

Entered     Topic
2014-04-11  nas -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2013-4256
Phase  Assigned (20130612)

Description

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.

References

Source   Reference
MLIST    [nas] 20130807 nas: Multiple Vulnerabilities in nas 1.9.3
MLIST    [oss-security] 20130816 CVE Request : NAS v1.9.3 multiple Vulnerabilites
MLIST    [oss-security] 20130819 Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites
CONFIRM  http://sourceforge.net/p/nas/code/288
DEBIAN   DSA-2771
UBUNTU   USN-1986-1