Информационная безопасность
[RU] switch to English


DoS против Network Audio System
Опубликовано:22 марта 2007 г.
Источник:
SecurityVulns ID:7442
Тип:удаленная
Затронутые продукты:NAS : Network Audio System 1.8
CVE:CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.)
 CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.)
 CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.)
 CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.)
 CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.)
Оригинальный текстdocumentSECURITEAM, [NEWS] Multiple Vulnerabilities In NAS (22.03.2007)
Файлы:Exploits Network Audio System <= 1.8a (svn 231) multiple vulnerabilities

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород