{"ubuntu": [{"lastseen": "2020-07-09T00:30:19", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "Luigi Auriemma discovered multiple flaws in the Network Audio System \nserver. Remote attackers could send specially crafted network requests \nthat could lead to a denial of service or execution of arbitrary code. \nNote that default Ubuntu installs do not include the NAS server.", "edition": 6, "modified": "2007-03-28T00:00:00", "published": "2007-03-28T00:00:00", "id": "USN-446-1", "href": "https://ubuntu.com/security/notices/USN-446-1", "title": "NAS vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:56:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "Check for the Version of nas", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830229", "href": "http://plugins.openvas.org/nasl.php?oid=830229", "type": "openvas", "title": "Mandriva Update for nas MDKSA-2007:065 (nas)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nas MDKSA-2007:065 (nas)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Luigi Auriemma discovered a number of problems with the nas (Network\n Audio System) daemon that could be used to crash nasd.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"nas on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-03/msg00020.php\");\n script_id(830229);\n script_cve_id(\"CVE-2007-1543\",\"CVE-2007-1544\",\"CVE-2007-1545\",\"CVE-2007-1546\",\"CVE-2007-1547\");\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:065\");\n script_name( \"Mandriva Update for nas MDKSA-2007:065 (nas)\");\n\n script_summary(\"Check for the Version of nas\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnas2\", rpm:\"libnas2~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnas2-devel\", rpm:\"libnas2-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnas2-static-devel\", rpm:\"libnas2-static-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nas\", rpm:\"nas~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nas2\", rpm:\"lib64nas2~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nas2-devel\", rpm:\"lib64nas2-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nas2-static-devel\", rpm:\"lib64nas2-static-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "Check for the Version of nas", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830229", "type": "openvas", "title": "Mandriva Update for nas MDKSA-2007:065 (nas)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nas MDKSA-2007:065 (nas)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Luigi Auriemma discovered a number of problems with the nas (Network\n Audio System) daemon that could be used to crash nasd.\n\n Updated packages have been patched to address this issue.\";\n\ntag_affected = \"nas on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-03/msg00020.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830229\");\n script_cve_id(\"CVE-2007-1543\",\"CVE-2007-1544\",\"CVE-2007-1545\",\"CVE-2007-1546\",\"CVE-2007-1547\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:065\");\n script_name( \"Mandriva Update for nas MDKSA-2007:065 (nas)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of nas\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnas2\", rpm:\"libnas2~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnas2-devel\", rpm:\"libnas2-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnas2-static-devel\", rpm:\"libnas2-static-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nas\", rpm:\"nas~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nas2\", rpm:\"lib64nas2~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nas2-devel\", rpm:\"lib64nas2-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nas2-static-devel\", rpm:\"lib64nas2-static-devel~1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200704-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58226", "href": "http://plugins.openvas.org/nasl.php?oid=58226", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200704-20 (NAS)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Network Audio System is vulnerable to a buffer overflow that could\nresult in the execution of arbitrary code with root privileges.\";\ntag_solution = \"All NAS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/nas-1.8b'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200704-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=171428\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200704-20.\";\n\n \n\nif(description)\n{\n script_id(58226);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200704-20 (NAS)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/nas\", unaffected: make_list(\"ge 1.8b\"), vulnerable: make_list(\"lt 1.8b\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "The remote host is missing an update to nas\nannounced via advisory DSA 1273-1.\n\nSeveral vulnerabilities have been discovered in nas, the Network Audio\nSystem.\n\nCVE-2007-1543\n\nA stack-based buffer overflow in the accept_att_local function in\nserver/os/connection.c in nas allows remote attackers to execute\narbitrary code via a long path slave name in a USL socket connection.\n\nCVE-2007-1544\n\nInteger overflow in the ProcAuWriteElement function in\nserver/dia/audispatch.c allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a large\nmax_samples value.\n\nCVE-2007-1545\n\nThe AddResource function in server/dia/resource.c allows remote\nattackers to cause a denial of service (server crash) via a\nnonexistent client ID.\n\nCVE-2007-1546\n\nArray index error allows remote attackers to cause a denial of service\n(crash) via (1) large num_action values in the ProcAuSetElements\nfunction in server/dia/audispatch.c or (2) a large inputNum parameter\nto the compileInputs function in server/dia/auutil.c.\n\nCVE-2007-1547\n\nThe ReadRequestFromClient function in server/os/io.c allows remote\nattackers to cause a denial of service (crash) via multiple\nsimultaneous connections, which triggers a NULL pointer dereference.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58325", "href": "http://plugins.openvas.org/nasl.php?oid=58325", "type": "openvas", "title": "Debian Security Advisory DSA 1273-1 (nas)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1273_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1273-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1.7-2sarge1\n\nFor the upcoming stable distribution (etch) and the unstable\ndistribution (sid) these packages have been fixed in version 1.8-4.\n\nWe recommend that you upgrade your nas package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201273-1\";\ntag_summary = \"The remote host is missing an update to nas\nannounced via advisory DSA 1273-1.\n\nSeveral vulnerabilities have been discovered in nas, the Network Audio\nSystem.\n\nCVE-2007-1543\n\nA stack-based buffer overflow in the accept_att_local function in\nserver/os/connection.c in nas allows remote attackers to execute\narbitrary code via a long path slave name in a USL socket connection.\n\nCVE-2007-1544\n\nInteger overflow in the ProcAuWriteElement function in\nserver/dia/audispatch.c allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a large\nmax_samples value.\n\nCVE-2007-1545\n\nThe AddResource function in server/dia/resource.c allows remote\nattackers to cause a denial of service (server crash) via a\nnonexistent client ID.\n\nCVE-2007-1546\n\nArray index error allows remote attackers to cause a denial of service\n(crash) via (1) large num_action values in the ProcAuSetElements\nfunction in server/dia/audispatch.c or (2) a large inputNum parameter\nto the compileInputs function in server/dia/auutil.c.\n\nCVE-2007-1547\n\nThe ReadRequestFromClient function in server/os/io.c allows remote\nattackers to cause a denial of service (crash) via multiple\nsimultaneous connections, which triggers a NULL pointer dereference.\";\n\n\nif(description)\n{\n script_id(58325);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_bugtraq_id(23017);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1273-1 (nas)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nas-doc\", ver:\"1.7-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libaudio2\", ver:\"1.7-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libaudio-dev\", ver:\"1.7-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nas-bin\", ver:\"1.7-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nas\", ver:\"1.7-2sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-446-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840057", "href": "http://plugins.openvas.org/nasl.php?oid=840057", "type": "openvas", "title": "Ubuntu Update for nas vulnerabilities USN-446-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_446_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for nas vulnerabilities USN-446-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Luigi Auriemma discovered multiple flaws in the Network Audio System\n server. Remote attackers could send specially crafted network requests\n that could lead to a denial of service or execution of arbitrary code.\n Note that default Ubuntu installs do not include the NAS server.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-446-1\";\ntag_affected = \"nas vulnerabilities on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-446-1/\");\n script_id(840057);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"446-1\");\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_name( \"Ubuntu Update for nas vulnerabilities USN-446-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libaudio-dev\", ver:\"1.7-3ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libaudio2\", ver:\"1.7-3ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas-bin\", ver:\"1.7-3ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas\", ver:\"1.7-3ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas-doc\", ver:\"1.7-3ubuntu3.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libaudio-dev\", ver:\"1.8-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libaudio2\", ver:\"1.8-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas-bin\", ver:\"1.8-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas\", ver:\"1.8-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas-doc\", ver:\"1.8-2ubuntu0.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libaudio-dev\", ver:\"1.7-2ubuntu2.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libaudio2\", ver:\"1.7-2ubuntu2.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas-bin\", ver:\"1.7-2ubuntu2.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas\", ver:\"1.7-2ubuntu2.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"nas-doc\", ver:\"1.7-2ubuntu2.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "edition": 1, "description": "### Background\n\nNAS is a network transparent, client/server audio transport system. \n\n### Description\n\nLuigi Auriemma has discovered multiple vulnerabilities in NAS, some of which include a buffer overflow in the function accept_att_local(), an integer overflow in the function ProcAuWriteElement(), and a null pointer error in the function ReadRequestFromClient(). \n\n### Impact\n\nAn attacker having access to the NAS daemon could send an overly long slave name to the server, leading to the execution of arbitrary code with root privileges. A remote attacker could also send a specially crafted packet containing an invalid client ID, which would crash the server and result in a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll NAS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/nas-1.8b\"", "modified": "2007-04-23T00:00:00", "published": "2007-04-23T00:00:00", "id": "GLSA-200704-20", "href": "https://security.gentoo.org/glsa/200704-20", "type": "gentoo", "title": "NAS: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T15:43:36", "description": "Luigi Auriemma discovered multiple flaws in the Network Audio System\nserver. Remote attackers could send specially crafted network requests\nthat could lead to a denial of service or execution of arbitrary code.\nNote that default Ubuntu installs do not include the NAS server.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : nas vulnerabilities (USN-446-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "modified": "2007-11-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:nas-bin", "p-cpe:/a:canonical:ubuntu_linux:libaudio-dev", "p-cpe:/a:canonical:ubuntu_linux:libaudio2", "p-cpe:/a:canonical:ubuntu_linux:nas-doc", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:nas", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-446-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-446-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28043);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_xref(name:\"USN\", value:\"446-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : nas vulnerabilities (USN-446-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Luigi Auriemma discovered multiple flaws in the Network Audio System\nserver. Remote attackers could send specially crafted network requests\nthat could lead to a denial of service or execution of arbitrary code.\nNote that default Ubuntu installs do not include the NAS server.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/446-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libaudio-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libaudio2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nas-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nas-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libaudio-dev\", pkgver:\"1.7-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libaudio2\", pkgver:\"1.7-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"nas\", pkgver:\"1.7-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"nas-bin\", pkgver:\"1.7-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"nas-doc\", pkgver:\"1.7-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libaudio-dev\", pkgver:\"1.7-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libaudio2\", pkgver:\"1.7-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nas\", pkgver:\"1.7-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nas-bin\", pkgver:\"1.7-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nas-doc\", pkgver:\"1.7-3ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libaudio-dev\", pkgver:\"1.8-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libaudio2\", pkgver:\"1.8-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nas\", pkgver:\"1.8-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nas-bin\", pkgver:\"1.8-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"nas-doc\", pkgver:\"1.8-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libaudio-dev / libaudio2 / nas / nas-bin / nas-doc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:42", "description": "Luigi Auriemma discovered a number of problems with the nas (Network\nAudio System) daemon that could be used to crash nasd.\n\nUpdated packages have been patched to address this issue.", "edition": 24, "published": "2007-03-26T00:00:00", "title": "Mandrake Linux Security Advisory : nas (MDKSA-2007:065)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "modified": "2007-03-26T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libnas2-devel", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:libnas2-static-devel", "p-cpe:/a:mandriva:linux:lib64nas2", "p-cpe:/a:mandriva:linux:nas", "p-cpe:/a:mandriva:linux:lib64nas2-static-devel", "p-cpe:/a:mandriva:linux:libnas2", "p-cpe:/a:mandriva:linux:lib64nas2-devel"], "id": "MANDRAKE_MDKSA-2007-065.NASL", "href": "https://www.tenable.com/plugins/nessus/24891", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:065. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24891);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_xref(name:\"MDKSA\", value:\"2007:065\");\n\n script_name(english:\"Mandrake Linux Security Advisory : nas (MDKSA-2007:065)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Luigi Auriemma discovered a number of problems with the nas (Network\nAudio System) daemon that could be used to crash nasd.\n\nUpdated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nas2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nas2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nas2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnas2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnas2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnas2-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64nas2-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64nas2-devel-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64nas2-static-devel-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libnas2-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libnas2-devel-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libnas2-static-devel-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"nas-1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:12", "description": "The remote host is affected by the vulnerability described in GLSA-200704-20\n(NAS: Multiple vulnerabilities)\n\n Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of\n which include a buffer overflow in the function accept_att_local(), an\n integer overflow in the function ProcAuWriteElement(), and a null\n pointer error in the function ReadRequestFromClient().\n \nImpact :\n\n An attacker having access to the NAS daemon could send an overly long\n slave name to the server, leading to the execution of arbitrary code\n with root privileges. A remote attacker could also send a specially\n crafted packet containing an invalid client ID, which would crash the\n server and result in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-04-30T00:00:00", "title": "GLSA-200704-20 : NAS: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "modified": "2007-04-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nas", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200704-20.NASL", "href": "https://www.tenable.com/plugins/nessus/25108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200704-20.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25108);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_xref(name:\"GLSA\", value:\"200704-20\");\n\n script_name(english:\"GLSA-200704-20 : NAS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200704-20\n(NAS: Multiple vulnerabilities)\n\n Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of\n which include a buffer overflow in the function accept_att_local(), an\n integer overflow in the function ProcAuWriteElement(), and a null\n pointer error in the function ReadRequestFromClient().\n \nImpact :\n\n An attacker having access to the NAS daemon could send an overly long\n slave name to the server, leading to the execution of arbitrary code\n with root privileges. A remote attacker could also send a specially\n crafted packet containing an invalid client ID, which would crash the\n server and result in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200704-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All NAS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/nas-1.8b'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/nas\", unaffected:make_list(\"ge 1.8b\"), vulnerable:make_list(\"lt 1.8b\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NAS\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:44:46", "description": "Several vulnerabilities have been discovered in nas, the Network Audio\nSystem.\n\n - CVE-2007-1543\n A stack-based buffer overflow in the accept_att_local\n function in server/os/connection.c in nas allows remote\n attackers to execute arbitrary code via a long path\n slave name in a USL socket connection.\n\n - CVE-2007-1544\n An integer overflow in the ProcAuWriteElement function\n in server/dia/audispatch.c allows remote attackers to\n cause a denial of service (crash) and possibly execute\n arbitrary code via a large max_samples value.\n\n - CVE-2007-1545\n The AddResource function in server/dia/resource.c allows\n remote attackers to cause a denial of service (server\n crash) via a nonexistent client ID.\n\n - CVE-2007-1546\n An array index error allows remote attackers to cause a\n denial of service (crash) via (1) large num_action\n values in the ProcAuSetElements function in\n server/dia/audispatch.c or (2) a large inputNum\n parameter to the compileInputs function in\n server/dia/auutil.c.\n\n - CVE-2007-1547\n The ReadRequestFromClient function in server/os/io.c\n allows remote attackers to cause a denial of service\n (crash) via multiple simultaneous connections, which\n triggers a NULL pointer dereference.", "edition": 25, "published": "2007-04-05T00:00:00", "title": "Debian DSA-1273-1 : nas - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "modified": "2007-04-05T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:nas"], "id": "DEBIAN_DSA-1273.NASL", "href": "https://www.tenable.com/plugins/nessus/24921", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1273. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24921);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1543\", \"CVE-2007-1544\", \"CVE-2007-1545\", \"CVE-2007-1546\", \"CVE-2007-1547\");\n script_bugtraq_id(23017);\n script_xref(name:\"DSA\", value:\"1273\");\n\n script_name(english:\"Debian DSA-1273-1 : nas - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in nas, the Network Audio\nSystem.\n\n - CVE-2007-1543\n A stack-based buffer overflow in the accept_att_local\n function in server/os/connection.c in nas allows remote\n attackers to execute arbitrary code via a long path\n slave name in a USL socket connection.\n\n - CVE-2007-1544\n An integer overflow in the ProcAuWriteElement function\n in server/dia/audispatch.c allows remote attackers to\n cause a denial of service (crash) and possibly execute\n arbitrary code via a large max_samples value.\n\n - CVE-2007-1545\n The AddResource function in server/dia/resource.c allows\n remote attackers to cause a denial of service (server\n crash) via a nonexistent client ID.\n\n - CVE-2007-1546\n An array index error allows remote attackers to cause a\n denial of service (crash) via (1) large num_action\n values in the ProcAuSetElements function in\n server/dia/audispatch.c or (2) a large inputNum\n parameter to the compileInputs function in\n server/dia/auutil.c.\n\n - CVE-2007-1547\n The ReadRequestFromClient function in server/os/io.c\n allows remote attackers to cause a denial of service\n (crash) via multiple simultaneous connections, which\n triggers a NULL pointer dereference.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-1547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1273\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nas package.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.7-2sarge1.\n\nFor the upcoming stable distribution (etch) and the unstable\ndistribution (sid) these problems have been fixed in version 1.8-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nas\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libaudio-dev\", reference:\"1.7-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libaudio2\", reference:\"1.7-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"nas\", reference:\"1.7-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"nas-bin\", reference:\"1.7-2sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"nas-doc\", reference:\"1.7-2sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:29:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1547", "CVE-2007-1544", "CVE-2007-1545", "CVE-2007-1543", "CVE-2007-1546"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1273-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nMarch 27, 2007\n- ------------------------------------------------------------------------\n\nPackage : nas\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547\nBugTraq ID : 23017\nDebian Bug : 416038\n\nSeveral vulnerabilities have been discovered in nas, the Network Audio\nSystem.\n\nCVE-2007-1543 \n\nA stack-based buffer overflow in the accept_att_local function in\nserver/os/connection.c in nas allows remote attackers to execute\narbitrary code via a long path slave name in a USL socket connection.\n\nCVE-2007-1544\n\nInteger overflow in the ProcAuWriteElement function in\nserver/dia/audispatch.c allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a large\nmax_samples value.\n\nCVE-2007-1545\n\nThe AddResource function in server/dia/resource.c allows remote\nattackers to cause a denial of service (server crash) via a\nnonexistent client ID.\n\nCVE-2007-1546\n\nArray index error allows remote attackers to cause a denial of service\n(crash) via (1) large num_action values in the ProcAuSetElements\nfunction in server/dia/audispatch.c or (2) a large inputNum parameter\nto the compileInputs function in server/dia/auutil.c.\n\nCVE-2007-1547\n\nThe ReadRequestFromClient function in server/os/io.c allows remote\nattackers to cause a denial of service (crash) via multiple\nsimultaneous connections, which triggers a NULL pointer dereference.\n\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1.7-2sarge1\n\nFor the upcoming stable distribution (etch) and the unstable\ndistribution (sid) these packages have been fixed in version 1.8-4.\n\nWe recommend that you upgrade your nas package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian 3.1 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7.orig.tar.gz\n Size/MD5 checksum: 1288569 c9918e9c9c95d587a95b455bbabe3b49\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1.dsc\n Size/MD5 checksum: 693 2f0821d157ae249adfda1ddcf39bf9aa\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1.diff.gz\n Size/MD5 checksum: 124076 b057e678fb808ef95666d766944ce498\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/n/nas/nas-doc_1.7-2sarge1_all.deb\n Size/MD5 checksum: 150478 744cbca330f9f8463a36251836514cc4\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_alpha.deb\n Size/MD5 checksum: 82560 ac84bfe7e6f04f0693b787b33c5a1890\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_alpha.deb\n Size/MD5 checksum: 1330046 e8b1709f240ca6ee0c7e893a6d4598ac\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_alpha.deb\n Size/MD5 checksum: 622528 6d14250da6aab5da4737af8d2f3d4930\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_alpha.deb\n Size/MD5 checksum: 120098 2efb7c2fd2c6cfbce699789f7b1e9782\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_amd64.deb\n Size/MD5 checksum: 1291220 019146fc7d079820c088bf1a597a91bf\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_amd64.deb\n Size/MD5 checksum: 102672 40c936bde0db91e5cef3f90c88c03168\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_amd64.deb\n Size/MD5 checksum: 74620 e8d8d3d5ec14dcfdb8285d6eb5e6b67b\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_amd64.deb\n Size/MD5 checksum: 526904 7cc01f5259953f12f0f82cbd1b6ecc62\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_arm.deb\n Size/MD5 checksum: 70894 b55f037fe9266c92d3a3b9650ae750d7\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_arm.deb\n Size/MD5 checksum: 1201362 99b1f795e47faf04db5a3b9ec8ed3440\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_arm.deb\n Size/MD5 checksum: 473996 863cc92b5e937cc44e6f3e13f023a374\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_arm.deb\n Size/MD5 checksum: 97152 dd196d5474c9e68b9096c44a7d72bf5e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_hppa.deb\n Size/MD5 checksum: 78114 393d231f6d67274102dff5526043dc57\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_hppa.deb\n Size/MD5 checksum: 107144 da99e90ee80eb1f1e266c85701d26007\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_hppa.deb\n Size/MD5 checksum: 1310940 1c94b9c41c36e8255396c9ffd400aee5\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_hppa.deb\n Size/MD5 checksum: 570894 084753a5ebc4ea153a56cc18fb784904\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_i386.deb\n Size/MD5 checksum: 95234 edcc7d8210a2acac10c84547cfa3d2c2\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_i386.deb\n Size/MD5 checksum: 1189584 20f53c488e517d53e6aa517fd4a2076a\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_i386.deb\n Size/MD5 checksum: 71866 df4b413ad699008cfe5b96b46aab5d0b\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_i386.deb\n Size/MD5 checksum: 495476 2571d898d1921adeafa543a1709d0e2a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_ia64.deb\n Size/MD5 checksum: 746720 d9a7f324f9d4c562c197fd93b24cd3ab\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_ia64.deb\n Size/MD5 checksum: 95382 cf266077d4f01eadb95f27ecdad79c3a\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_ia64.deb\n Size/MD5 checksum: 1325658 3cb330c6a614a2aba983b5a06bc0e70b\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_ia64.deb\n Size/MD5 checksum: 133454 a4b8eb9bf242d0c5e92da9996099a3c0\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_m68k.deb\n Size/MD5 checksum: 67186 5b214ce898aa6f629f31eb0efacae4e6\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_m68k.deb\n Size/MD5 checksum: 1260302 a0132b9f2fa66dd587a39e6bfbca6622\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_m68k.deb\n Size/MD5 checksum: 88438 f24d7a213264eff51574b4b51dc1e0bc\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_m68k.deb\n Size/MD5 checksum: 418440 6f0f7e8c7f7b0b948f6efafa84547905\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_mips.deb\n Size/MD5 checksum: 1289470 adeb481ca91d7671a549687ad1b39c5a\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_mips.deb\n Size/MD5 checksum: 72522 6da040afd23c865e6c9e7e6d945d2457\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_mips.deb\n Size/MD5 checksum: 550000 b97c0b1c75e957549d20c7c2c9b6be59\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_mips.deb\n Size/MD5 checksum: 108754 feefdb5bedf589515f2a5ed3b2a0a2a3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_mipsel.deb\n Size/MD5 checksum: 72440 6e2a76e66b1d68798f1fc5aeac325a6d\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_mipsel.deb\n Size/MD5 checksum: 1239994 c1628d859aee3dd011e9c1b380f12ddc\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_mipsel.deb\n Size/MD5 checksum: 550010 4e3be289e9fd903feca4bbdd99bf0996\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_mipsel.deb\n Size/MD5 checksum: 108672 2baa553b2134c1a5274f210fc5d74502\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_powerpc.deb\n Size/MD5 checksum: 100542 607cdd05f11daf5d000840f831a0537c\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_powerpc.deb\n Size/MD5 checksum: 531068 ef8f43c27a398a651a3cff195ef603a3\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_powerpc.deb\n Size/MD5 checksum: 1439084 cf1e5f85964ed34733cb31532269e543\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_powerpc.deb\n Size/MD5 checksum: 74744 fd09f58e22639db4e074cff228c98a37\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_sparc.deb\n Size/MD5 checksum: 70474 d527e90baffd8d2829ab4e877344eef0\n http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_sparc.deb\n Size/MD5 checksum: 96474 2af98815309ed2d313e029dc6676c670\n http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_sparc.deb\n Size/MD5 checksum: 1295200 23a1e3a875f841023f456dd7e8f8429d\n http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_sparc.deb\n Size/MD5 checksum: 473026 6494ad53d51495b309f5f6b7d122c585\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2007-03-27T00:00:00", "published": "2007-03-27T00:00:00", "id": "DEBIAN:DSA-1273-1:FDEFD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00028.html", "title": "[SECURITY] [DSA 1273-1] New nas packages fix multiple remote vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-04-21T20:36:26", "description": "Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.", "edition": 5, "cvss3": {}, "published": "2007-03-20T22:19:00", "title": "CVE-2007-1546", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1546"], "modified": "2018-10-16T16:39:00", "cpe": ["cpe:/a:radscan:network_audio_system:1.8a"], "id": "CVE-2007-1546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1546", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:radscan:network_audio_system:1.8a:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:36:26", "description": "The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.", "edition": 5, "cvss3": {}, "published": "2007-03-20T22:19:00", "title": "CVE-2007-1545", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1545"], "modified": "2018-10-16T16:39:00", "cpe": ["cpe:/a:radscan:network_audio_system:1.8a"], "id": "CVE-2007-1545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1545", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:radscan:network_audio_system:1.8a:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:36:26", "description": "Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.", "edition": 5, "cvss3": {}, "published": "2007-03-20T22:19:00", "title": "CVE-2007-1543", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1543"], "modified": "2018-10-16T16:39:00", "cpe": ["cpe:/a:radscan:network_audio_system:1.8a"], "id": "CVE-2007-1543", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1543", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:radscan:network_audio_system:1.8a:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:36:26", "description": "Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.", "edition": 5, "cvss3": {}, "published": "2007-03-20T22:19:00", "title": "CVE-2007-1544", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1544"], "modified": "2018-10-16T16:39:00", "cpe": ["cpe:/a:radscan:network_audio_system:1.8a"], "id": "CVE-2007-1544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1544", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:radscan:network_audio_system:1.8a:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:36:26", "description": "The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.", "edition": 5, "cvss3": {}, "published": "2007-03-20T22:19:00", "title": "CVE-2007-1547", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1547"], "modified": "2018-10-16T16:39:00", "cpe": ["cpe:/a:radscan:network_audio_system:1.8a"], "id": "CVE-2007-1547", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1547", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:radscan:network_audio_system:1.8a:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1546"], "description": "## Solution Description\nUpgrade to version 1.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.radscan.com/nas/HISTORY\nSecurity Tracker: 1017822\n[Secunia Advisory ID:24628](https://secuniaresearch.flexerasoftware.com/advisories/24628/)\n[Secunia Advisory ID:24980](https://secuniaresearch.flexerasoftware.com/advisories/24980/)\n[Secunia Advisory ID:24783](https://secuniaresearch.flexerasoftware.com/advisories/24783/)\n[Secunia Advisory ID:24527](https://secuniaresearch.flexerasoftware.com/advisories/24527/)\n[Secunia Advisory ID:24601](https://secuniaresearch.flexerasoftware.com/advisories/24601/)\n[Secunia Advisory ID:24638](https://secuniaresearch.flexerasoftware.com/advisories/24638/)\n[Related OSVDB ID: 34258](https://vulners.com/osvdb/OSVDB:34258)\n[Related OSVDB ID: 34260](https://vulners.com/osvdb/OSVDB:34260)\n[Related OSVDB ID: 34259](https://vulners.com/osvdb/OSVDB:34259)\n[Related OSVDB ID: 34262](https://vulners.com/osvdb/OSVDB:34262)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-446-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-20.xml\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000171.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1273\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:065\nOther Advisory URL: http://aluigi.altervista.org/adv/nasbugs-adv.txt\nISS X-Force ID: 33047\nFrSIRT Advisory: ADV-2007-0997\n[CVE-2007-1546](https://vulners.com/cve/CVE-2007-1546)\nBugtraq ID: 23017\n", "edition": 1, "modified": "2007-03-19T07:18:57", "published": "2007-03-19T07:18:57", "href": "https://vulners.com/osvdb/OSVDB:34261", "id": "OSVDB:34261", "title": "Network Audio System (NAS) Multiple Array Index Error DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1545"], "description": "## Solution Description\nUpgrade to version 1.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.radscan.com/nas/HISTORY\nSecurity Tracker: 1017822\n[Secunia Advisory ID:24628](https://secuniaresearch.flexerasoftware.com/advisories/24628/)\n[Secunia Advisory ID:24980](https://secuniaresearch.flexerasoftware.com/advisories/24980/)\n[Secunia Advisory ID:24783](https://secuniaresearch.flexerasoftware.com/advisories/24783/)\n[Secunia Advisory ID:24527](https://secuniaresearch.flexerasoftware.com/advisories/24527/)\n[Secunia Advisory ID:24601](https://secuniaresearch.flexerasoftware.com/advisories/24601/)\n[Secunia Advisory ID:24638](https://secuniaresearch.flexerasoftware.com/advisories/24638/)\n[Related OSVDB ID: 34261](https://vulners.com/osvdb/OSVDB:34261)\n[Related OSVDB ID: 34258](https://vulners.com/osvdb/OSVDB:34258)\n[Related OSVDB ID: 34259](https://vulners.com/osvdb/OSVDB:34259)\n[Related OSVDB ID: 34262](https://vulners.com/osvdb/OSVDB:34262)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-446-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-20.xml\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000171.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1273\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:065\nOther Advisory URL: http://aluigi.altervista.org/adv/nasbugs-adv.txt\nISS X-Force ID: 33047\nFrSIRT Advisory: ADV-2007-0997\n[CVE-2007-1545](https://vulners.com/cve/CVE-2007-1545)\nBugtraq ID: 23017\n", "edition": 1, "modified": "2007-03-19T07:18:57", "published": "2007-03-19T07:18:57", "href": "https://vulners.com/osvdb/OSVDB:34260", "id": "OSVDB:34260", "title": "Network Audio System (NAS) server/dia/resource.c AddResource Function Remote DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1543"], "description": "## Solution Description\nUpgrade to version 1.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.radscan.com/nas/HISTORY\nSecurity Tracker: 1017822\n[Secunia Advisory ID:24628](https://secuniaresearch.flexerasoftware.com/advisories/24628/)\n[Secunia Advisory ID:24980](https://secuniaresearch.flexerasoftware.com/advisories/24980/)\n[Secunia Advisory ID:24783](https://secuniaresearch.flexerasoftware.com/advisories/24783/)\n[Secunia Advisory ID:24527](https://secuniaresearch.flexerasoftware.com/advisories/24527/)\n[Secunia Advisory ID:24601](https://secuniaresearch.flexerasoftware.com/advisories/24601/)\n[Secunia Advisory ID:24638](https://secuniaresearch.flexerasoftware.com/advisories/24638/)\n[Related OSVDB ID: 34261](https://vulners.com/osvdb/OSVDB:34261)\n[Related OSVDB ID: 34260](https://vulners.com/osvdb/OSVDB:34260)\n[Related OSVDB ID: 34259](https://vulners.com/osvdb/OSVDB:34259)\n[Related OSVDB ID: 34262](https://vulners.com/osvdb/OSVDB:34262)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-446-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-20.xml\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:065\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1273\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000171.html\nOther Advisory URL: http://aluigi.altervista.org/adv/nasbugs-adv.txt\nISS X-Force ID: 33047\nFrSIRT Advisory: ADV-2007-0997\n[CVE-2007-1543](https://vulners.com/cve/CVE-2007-1543)\nBugtraq ID: 23017\n", "edition": 1, "modified": "2007-03-19T07:18:57", "published": "2007-03-19T07:18:57", "href": "https://vulners.com/osvdb/OSVDB:34258", "id": "OSVDB:34258", "title": "Network Audio System (NAS) server/os/connection.c accept_att_local Function Remote Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1544"], "description": "## Solution Description\nUpgrade to version 1.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.radscan.com/nas/HISTORY\nSecurity Tracker: 1017822\n[Secunia Advisory ID:24628](https://secuniaresearch.flexerasoftware.com/advisories/24628/)\n[Secunia Advisory ID:24980](https://secuniaresearch.flexerasoftware.com/advisories/24980/)\n[Secunia Advisory ID:24783](https://secuniaresearch.flexerasoftware.com/advisories/24783/)\n[Secunia Advisory ID:24527](https://secuniaresearch.flexerasoftware.com/advisories/24527/)\n[Secunia Advisory ID:24601](https://secuniaresearch.flexerasoftware.com/advisories/24601/)\n[Secunia Advisory ID:24638](https://secuniaresearch.flexerasoftware.com/advisories/24638/)\n[Related OSVDB ID: 34261](https://vulners.com/osvdb/OSVDB:34261)\n[Related OSVDB ID: 34258](https://vulners.com/osvdb/OSVDB:34258)\n[Related OSVDB ID: 34260](https://vulners.com/osvdb/OSVDB:34260)\n[Related OSVDB ID: 34262](https://vulners.com/osvdb/OSVDB:34262)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-446-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-20.xml\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000171.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1273\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:065\nOther Advisory URL: http://aluigi.altervista.org/adv/nasbugs-adv.txt\nISS X-Force ID: 33047\nFrSIRT Advisory: ADV-2007-0997\n[CVE-2007-1544](https://vulners.com/cve/CVE-2007-1544)\nBugtraq ID: 23017\n", "edition": 1, "modified": "2007-03-19T07:18:57", "published": "2007-03-19T07:18:57", "href": "https://vulners.com/osvdb/OSVDB:34259", "id": "OSVDB:34259", "title": "Network Audio System (NAS) server/dia/audispatch.c ProcAuWriteElement Function Remote Overflow", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1547"], "description": "## Solution Description\nUpgrade to version 1.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.radscan.com/nas/HISTORY\nSecurity Tracker: 1017822\n[Secunia Advisory ID:24628](https://secuniaresearch.flexerasoftware.com/advisories/24628/)\n[Secunia Advisory ID:24980](https://secuniaresearch.flexerasoftware.com/advisories/24980/)\n[Secunia Advisory ID:24783](https://secuniaresearch.flexerasoftware.com/advisories/24783/)\n[Secunia Advisory ID:24527](https://secuniaresearch.flexerasoftware.com/advisories/24527/)\n[Secunia Advisory ID:24601](https://secuniaresearch.flexerasoftware.com/advisories/24601/)\n[Secunia Advisory ID:24638](https://secuniaresearch.flexerasoftware.com/advisories/24638/)\n[Related OSVDB ID: 34261](https://vulners.com/osvdb/OSVDB:34261)\n[Related OSVDB ID: 34258](https://vulners.com/osvdb/OSVDB:34258)\n[Related OSVDB ID: 34260](https://vulners.com/osvdb/OSVDB:34260)\n[Related OSVDB ID: 34259](https://vulners.com/osvdb/OSVDB:34259)\nOther Advisory URL: http://www.ubuntu.com/usn/usn-446-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200704-20.xml\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-April/000171.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1273\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:065\nOther Advisory URL: http://aluigi.altervista.org/adv/nasbugs-adv.txt\nISS X-Force ID: 33047\nFrSIRT Advisory: ADV-2007-0997\n[CVE-2007-1547](https://vulners.com/cve/CVE-2007-1547)\nBugtraq ID: 23017\n", "edition": 1, "modified": "2007-03-19T07:18:57", "published": "2007-03-19T07:18:57", "href": "https://vulners.com/osvdb/OSVDB:34262", "id": "OSVDB:34262", "title": "Network Audio System (NAS) server/os/io.c ReadRequestFromClient Function NULL Dereference DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
