CVE-2013-4256

2013-10-0914:54:00

CWE-119

[email protected]

web.nvd.nist.gov

nas

network audio system

buffer overflows

cve-2013-4256

security vulnerability

denial of service

arbitrary code execution

nvd

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
radscan:network_audio_systemradscan network audio systemeq1.9.3

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
radscan:network_audio_system	radscan network audio system	eq	1.9.3