Several vulnerabilities have been discovered in nas, the Network Audio
System.
- CVE-2007-1543
A stack-based buffer overflow in the accept_att_local function in
server/os/connection.c in nas allows remote attackers to execute
arbitrary code via a long path slave name in a USL socket connection.
- CVE-2007-1544
An integer overflow in the ProcAuWriteElement function in
server/dia/audispatch.c allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a large
max_samples value.
- CVE-2007-1545
The AddResource function in server/dia/resource.c allows remote
attackers to cause a denial of service (server crash) via a
nonexistent client ID.
- CVE-2007-1546
An array index error allows remote attackers to cause a denial of service
(crash) via (1) large num_action values in the ProcAuSetElements
function in server/dia/audispatch.c or (2) a large inputNum parameter
to the compileInputs function in server/dia/auutil.c.
- CVE-2007-1547
The ReadRequestFromClient function in server/os/io.c allows remote
attackers to cause a denial of service (crash) via multiple
simultaneous connections, which triggers a NULL pointer dereference.
For the stable distribution (sarge), these problems have been fixed in
version 1.7-2sarge1.
For the upcoming stable distribution (etch) and the unstable
distribution (sid) these problems have been fixed in version 1.8-4.
We recommend that you upgrade your nas package.