CVE-2013-4256

Name of the Vulnerable Software and Affected Versions Network Audio System (NAS) version 1.9.3

Description The issue involves multiple stack-based and heap-based buffer overflows that can be exploited by local users to cause a denial of service or possibly execute arbitrary code. This can be achieved through various means, including the display command argument to the ProcessCommandLine function, the ResetHosts function, several open functions in connection.c, the AUDIOHOST environment variable to the CreateWellKnownSockets or AmoebaTCPConnectorThread function, and unspecified vectors related to logging in the osLogMsg function. The vulnerability can also be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information.

Recommendations For Network Audio System (NAS) version 1.9.3, consider updating to version 1.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions, such as ProcessCommandLine, ResetHosts, open unix socket, open isc local, open xsight local, open att local, open att svr4 local, CreateWellKnownSockets, AmoebaTCPConnectorThread, and osLogMsg, until a patch is available. Avoid using the AUDIOHOST environment variable in the affected functions until the issue is resolved.