CVE-2013-4256

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/08/16/2	Patch
http://www.ubuntu.com/usn/USN-1986-1	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/08/19/3	Patch
http://radscan.com/pipermail/nas/2013-August/001270.html	Exploit
http://sourceforge.net/p/nas/code/288	Exploit Patch
http://www.debian.org/security/2013/dsa-2771
http://www.securityfocus.com/bid/61848

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*

Configuration 2 (hide)

cpe:2.3:a:radscan:network_audio_system:1.9.3:*:*:*:*:*:*:*

Information

Published : 2013-10-09 07:54

Updated : 2016-12-30 18:59

NVD link : CVE-2013-4256

Mitre link : CVE-2013-4256

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

radscan

network_audio_system

canonical

ubuntu_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2013/08/16/2", "name": "[oss-security] 20130816 CVE Request : NAS v1.9.3 multiple Vulnerabilites", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://www.ubuntu.com/usn/USN-1986-1", "name": "USN-1986-1", "tags": ["Vendor Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.openwall.com/lists/oss-security/2013/08/19/3", "name": "[oss-security] 20130819 Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://radscan.com/pipermail/nas/2013-August/001270.html", "name": "[nas] 20130807 nas: Multiple Vulnerabilities in nas 1.9.3", "tags": ["Exploit"], "refsource": "MLIST"}, {"url": "http://sourceforge.net/p/nas/code/288", "name": "http://sourceforge.net/p/nas/code/288", "tags": ["Exploit", "Patch"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2013/dsa-2771", "name": "DSA-2771", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.securityfocus.com/bid/61848", "name": "61848", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4256", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-10-09T14:54Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:radscan:network_audio_system:1.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-31T02:59Z"}

4.6 /10