[gentoo-announce] [ GLSA 200704-20 ] NAS: Multiple vulnerabilities - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200704-20 ] NAS: Multiple vulnerabilities
Date:	Mon, 23 Apr 2007 21:54:40
Message-Id:	`20070423205043.GN31875@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200704-20

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: High

8

     Title: NAS: Multiple vulnerabilities

9

      Date: April 23, 2007

10

      Bugs: #171428

11

        ID: 200704-20

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

The Network Audio System is vulnerable to a buffer overflow that could

19

result in the execution of arbitrary code with root privileges.

20

21

Background

22

==========

23

24

NAS is a network transparent, client/server audio transport system.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package         /  Vulnerable  /                       Unaffected

31

    -------------------------------------------------------------------

32

  1  media-libs/nas       < 1.8b                               >= 1.8b

33

34

Description

35

===========

36

37

Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of

38

which include a buffer overflow in the function accept_att_local(), an

39

integer overflow in the function ProcAuWriteElement(), and a null

40

pointer error in the function ReadRequestFromClient().

41

42

Impact

43

======

44

45

An attacker having access to the NAS daemon could send an overly long

46

slave name to the server, leading to the execution of arbitrary code

47

with root privileges. A remote attacker could also send a specially

48

crafted packet containing an invalid client ID, which would crash the

49

server and result in a Denial of Service.

50

51

Workaround

52

==========

53

54

There is no known workaround at this time.

55

56

Resolution

57

==========

58

59

All NAS users should upgrade to the latest version:

60

61

    # emerge --sync

62

    # emerge --ask --oneshot --verbose ">=media-libs/nas-1.8b"

63

64

References

65

==========

66

67

  [ 1 ] CVE-2007-1543

68

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543

69

  [ 2 ] CVE-2007-1544

70

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544

71

  [ 3 ] CVE-2007-1545

72

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545

73

  [ 4 ] CVE-2007-1546

74

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546

75

  [ 5 ] CVE-2007-1547

76

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547

77

78

Availability

79

============

80

81

This GLSA and any updates to it are available for viewing at

82

the Gentoo Security Website:

83

84

  http://security.gentoo.org/glsa/glsa-200704-20.xml

85

86

Concerns?

87

=========

88

89

Security is a primary focus of Gentoo Linux and ensuring the

90

confidentiality and security of our users machines is of utmost

91

importance to us. Any security concerns should be addressed to

92

security@g.o or alternatively, you may file a bug at

93

http://bugs.gentoo.org.

94

95

License

96

=======

97

98

Copyright 2007 Gentoo Foundation, Inc; referenced text

99

belongs to its owner(s).

100

101

The contents of this document are licensed under the

102

Creative Commons - Attribution / Share Alike license.

103

104

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200704-20
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: NAS: Multiple vulnerabilities
9	Date: April 23, 2007
10	Bugs: #171428
11	ID: 200704-20
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	The Network Audio System is vulnerable to a buffer overflow that could
19	result in the execution of arbitrary code with root privileges.
20
21	Background
22	==========
23
24	NAS is a network transparent, client/server audio transport system.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 media-libs/nas < 1.8b >= 1.8b
33
34	Description
35	===========
36
37	Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of
38	which include a buffer overflow in the function accept_att_local(), an
39	integer overflow in the function ProcAuWriteElement(), and a null
40	pointer error in the function ReadRequestFromClient().
41
42	Impact
43	======
44
45	An attacker having access to the NAS daemon could send an overly long
46	slave name to the server, leading to the execution of arbitrary code
47	with root privileges. A remote attacker could also send a specially
48	crafted packet containing an invalid client ID, which would crash the
49	server and result in a Denial of Service.
50
51	Workaround
52	==========
53
54	There is no known workaround at this time.
55
56	Resolution
57	==========
58
59	All NAS users should upgrade to the latest version:
60
61	# emerge --sync
62	# emerge --ask --oneshot --verbose ">=media-libs/nas-1.8b"
63
64	References
65	==========
66
67	[ 1 ] CVE-2007-1543
68	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543
69	[ 2 ] CVE-2007-1544
70	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544
71	[ 3 ] CVE-2007-1545
72	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545
73	[ 4 ] CVE-2007-1546
74	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546
75	[ 5 ] CVE-2007-1547
76	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547
77
78	Availability
79	============
80
81	This GLSA and any updates to it are available for viewing at
82	the Gentoo Security Website:
83
84	http://security.gentoo.org/glsa/glsa-200704-20.xml
85
86	Concerns?
87	=========
88
89	Security is a primary focus of Gentoo Linux and ensuring the
90	confidentiality and security of our users machines is of utmost
91	importance to us. Any security concerns should be addressed to
92	security@g.o or alternatively, you may file a bug at
93	http://bugs.gentoo.org.
94
95	License
96	=======
97
98	Copyright 2007 Gentoo Foundation, Inc; referenced text
99	belongs to its owner(s).
100
101	The contents of this document are licensed under the
102	Creative Commons - Attribution / Share Alike license.
103
104	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce