oss-sec mailing list archives
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 19 Aug 2013 14:18:35 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/16/2013 12:44 AM, Hamid Zamani wrote:
Hello, recently i reported some vulnerabilities in Network Audio System (NAS) - v1.9.3 These vulnerabilities reported at : http://radscan.com/pipermail/nas/2013-August/001270.html and 3 fix on upstream : https://sourceforge.net/p/nas/code/288/ https://sourceforge.net/p/nas/code/287/tree//trunk/server/os/utils.c?diff=517ad7dc2718467b12eafbad:286
https://sourceforge.net/p/nas/code/289/tree//trunk/server/os/connection.c?diff=517ad7dc2718467b12eafbad:288
is it possible to assign a CVE for these ? Thank you
Ok so we got a total of three kinds of vulns, so same version/researcher I'm CVE MERGEing them: Buffer Overflows please use CVE-2013-4256 Heap Overflow please use CVE-2013-4257 Format String please use CVE-2013-4258 As for "Possible Race Condition and symlink attack:" can we confirm it's a security issue? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSEn2bAAoJEBYNRVNeJnmTvlwP/Rt7ANxxSsEybZd77UMs/Nms HDTRrOWzXq4etxSwO9bDQca6GxCfs58IzJk9WoTDGnVoTagMl2cQJQ/IAIEbL/ty IbLa6iaLF2Ovi3PFH22M/X5ui8rXvymfRiz1k1zI52+lKPo9yWxxhSSNAVaaD+LE k2MP+ZCckVlzKbrvSubHkntTQszKkOPZkVw1LSUnw8y0Gg9gqmqZM2uPcrG4RgiH ECBavkSxumGd2TvzCusD+QAYHgYsGDWJ1VBx1QZx/ZgLnPOsa9cVk5er59b1e2cf LVxPiC9USQRISr//Amb5NYktojbSYZUt6YTEknsdyu9PasjEbS4zF5iBqn0d57BI PpfABLItMg/7loz1+eUk02BkgaHIYajJVVnrOwcGOxtiqrJM9JtvSW280cJ6TCOZ ZDio2Rnmf0CFIPYzAG6MegQ/cXn53AyS5r114Ge5PEw50wGK19SIsNAzOMXOoj1P gi34o10PID0DxX7MY5aVDBOLqiWnrq7w4y6gsi20JrebZMivZvRtHv8QjdNURdxH tkceuAs8S3g7tsCZNjn3nnQ35l/wsp9ouWCyiZhlbWFIbX+YBR8tSGkylSVyS4eo FWksNykZT3wwE9BbSUKk0bEGSLrmFahU/t0r5QoGVWPDfvbjQPKShX3aGENSir8t 9LAJqDk+MPb78WE/bMjU =qxsJ -----END PGP SIGNATURE-----
Current thread:
- CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Aug 15)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Kurt Seifried (Aug 19)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Aug 19)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Florian Weimer (Sep 09)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Sep 09)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Kurt Seifried (Aug 19)