CVE-2007-1545

Name of the Vulnerable Software and Affected Versions nas versions prior to 1.8b

Description The issue concerns multiple vulnerabilities in the nas package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.

Recommendations For nas versions prior to 1.8b, update to version 1.8b or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AddResource function until a patch is available. Avoid using nonexistent client IDs in the affected API endpoint until the issue is resolved.