Hamid Zamani

**Name of the Vulnerable Software and Affected Versions** Network Audio System (NAS) version 1.9.3 **Description** The issue involves multiple stack-based and heap-based buffer overflows that can be exploited by local users to cause a denial of service or possibly execute arbitrary code. This can be achieved through various means, including the display command argument to the `ProcessCommandLine` function, the `ResetHosts` function, several `open` functions in connection.c, the `AUDIOHOST` environment variable to the `CreateWellKnownSockets` or `AmoebaTCPConnectorThread` function, and unspecified vectors related to logging in the `osLogMsg` function. The vulnerability can also be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. **Recommendations** For Network Audio System (NAS) version 1.9.3, consider updating to version 1.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions, such as `ProcessCommandLine`, `ResetHosts`, `open unix socket`, `open isc local`, `open xsight local`, `open att local`, `open att svr4 local`, `CreateWellKnownSockets`, `AmoebaTCPConnectorThread`, and `osLogMsg`, until a patch is available. Avoid using the `AUDIOHOST` environment variable in the affected functions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Network Audio System (NAS) versions prior to 1.9.4 Gentoo Linux (affected versions not specified) Debian GNU/Linux (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the NAS package of Gentoo Linux and Debian GNU/Linux operating systems. These vulnerabilities can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. A specific format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. **Recommendations** For Network Audio System (NAS) versions prior to 1.9.4, update to version 1.9.4 or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Debian GNU/Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YARD RADIUS version 1.1.2 **Description** The issue concerns multiple format string vulnerabilities that allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code. This is achieved through format string specifiers in a request, specifically in the log msg function in log.c, or the version or build version function in version.c. **Recommendations** For YARD RADIUS version 1.1.2, consider disabling the log msg function in log.c, as well as the version and build version functions in version.c, until a patch is available to prevent potential exploitation. Restrict access to these functions to minimize the risk of a denial of service or arbitrary code execution.