CVE-2007-1543
Published 2007-03-20
Priority P349 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.02% (94.0th percentile)
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nas | < nas 1.8-4 (bookworm) | nas 1.8-4 (bookworm) |
| radscan | network_audio_system | — | — |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
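CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | MEDIUM | — |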
Ubuntu
NAS vulnerabilities
vendor_ubuntu·2007-03-28
CVE-2007-1547 NAS vulnerabilities
Title: NAS vulnerabilities
Summary: NAS vulnerabilities
Luigi Auriemma discovered multiple flaws in the Network Audio System
server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.
Note that default Ubuntu installs do not include the NAS server.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2007-1543: nas - Stack-based buffer overflow in the accept_att_local function in server/os/connec...
vendor_debian·2007·CVSS 10.0
CVE-2007-1543 [CRITICAL] CVE-2007-1543: nas - Stack-based buffer overflow in the accept_att_local function in server/os/connec...
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.
Scope: local
bookworm: resolved (fixed in 1.8-4)
bullseye: resolved (fixed in 1.8-4)
forky: resolved (fixed in 1.8-4)
sid: resolved (fixed in 1.8-4)
trixie: resolved (fixed in 1.8-4)
GHSA
GHSA-h8rc-m7qp-g98c: Stack-based buffer overflow in the accept_att_local function in server/os/connection
ghsa_unreviewed·2022-05-01
CVE-2007-1543 [HIGH] GHSA-h8rc-m7qp-g98c: Stack-based buffer overflow in the accept_att_local function in server/os/connection
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.
OSV
CVE-2007-1543: Stack-based buffer overflow in the accept_att_local function in server/os/connection
osv·2007-03-20·CVSS 10.0
CVE-2007-1543 [CRITICAL] CVE-2007-1543: Stack-based buffer overflow in the accept_att_local function in server/os/connection
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.
No detection rules found.
No public exploits indexed.
References
http://aluigi.altervista.org/adv/nasbugs-adv.txt
http://secunia.com/advisories/24527
http://secunia.com/advisories/24601
http://secunia.com/advisories/24628
http://secunia.com/advisories/24638
http://secunia.com/advisories/24783
http://secunia.com/advisories/24980
http://security.gentoo.org/glsa/glsa-200704-20.xml
http://www.debian.org/security/2007/dsa-1273
http://www.mandriva.com/security/advisories?name=MDKSA-2007:065
http://www.radscan.com/nas/HISTORY
http://www.securityfocus.com/archive/1/464606/30/7230/threaded
http://www.securityfocus.com/bid/23017
http://www.securitytracker.com/id?1017822
http://www.ubuntu.com/usn/usn-446-1
http://www.vupen.com/english/advisories/2007/0997
https://exchange.xforce.ibmcloud.com/vulnerabilities/33047
https://issues.rpath.com/browse/RPL-1155