CVE-2007-1544

Name of the Vulnerable Software and Affected Versions nas versions prior to 1.8b

Description The issue concerns multiple vulnerabilities in the nas package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. This can potentially lead to a denial of service or the execution of arbitrary code. The vulnerabilities can be exploited by providing a large max samples value to the ProcAuWriteElement function in server/dia/audispatch.c.

Recommendations For nas versions prior to 1.8b, update to version 1.8b or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable ProcAuWriteElement function in server/dia/audispatch.c until a patch is available. Avoid using large max samples values in the affected API endpoint until the issue is resolved.