PT-2007-7471 · Network Audio System · Nas

Luigi Auriemma

Published

1970-01-01

Updated

2018-10-16

CVE-2007-1547

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions nas versions prior to 1.8b

Description The issue concerns multiple vulnerabilities in the nas package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The ReadRequestFromClient function in server/os/io.c is specifically vulnerable to remote attackers, who can cause a denial of service (crash) via multiple simultaneous connections, triggering a NULL pointer dereference.

Recommendations For nas versions prior to 1.8b, update to version 1.8b or later to resolve the issue. As a temporary workaround, consider restricting access to the ReadRequestFromClient function in server/os/io.c to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-01300

BDU:2015-01301

BDU:2015-01303

BDU:2015-01304

BDU:2015-09562

CVE-2007-1547

DSA-1273-1

Affected Products

Nas

PT-2007-7471 · Network Audio System · Nas

CVE-2007-1547

Related Identifiers

Affected Products

References · 31