Debian Security Advisory

DSA-1273-1 nas -- several vulnerabilities

Date Reported:
27 Mar 2007
Affected Packages:
nas
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 416038.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23017.
In Mitre's CVE dictionary: CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547.
More information:

Several vulnerabilities have been discovered in nas, the Network Audio System.

  • CVE-2007-1543

    A stack-based buffer overflow in the accept_att_local function in server/os/connection.c in nas allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

  • CVE-2007-1544

    An integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.

  • CVE-2007-1545

    The AddResource function in server/dia/resource.c allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.

  • CVE-2007-1546

    An array index error allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.

  • CVE-2007-1547

    The ReadRequestFromClient function in server/os/io.c allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

For the stable distribution (sarge), these problems have been fixed in version 1.7-2sarge1.

For the upcoming stable distribution (etch) and the unstable distribution (sid) these problems have been fixed in version 1.8-4.

We recommend that you upgrade your nas package.

Fixed in:

Debian GNU/Linux 3.1 (stable)

Source:
http://security.debian.org/pool/updates/main/n/nas/nas_1.7.orig.tar.gz
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1.dsc
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/n/nas/nas-doc_1.7-2sarge1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_alpha.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_alpha.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_alpha.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_amd64.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_amd64.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_amd64.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_arm.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_arm.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_arm.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_hppa.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_hppa.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_hppa.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_i386.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_i386.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_i386.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_ia64.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_ia64.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_ia64.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_ia64.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_m68k.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_m68k.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_m68k.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_mips.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_mips.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_mips.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_mipsel.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_powerpc.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_sparc.deb
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_sparc.deb
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_sparc.deb
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.