CVE-2007-1544
published 2007-03-20CVE-2007-1544: Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
4.64%
90.6th percentile
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nas | < nas 1.8-4 (bookworm) | nas 1.8-4 (bookworm) |
| radscan | network_audio_system | — | — |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-49c5-c84r-247p: Integer overflow in the ProcAuWriteElement function in server/dia/audispatch
ghsa_unreviewed·2022-05-01
CVE-2007-1544 [MEDIUM] GHSA-49c5-c84r-247p: Integer overflow in the ProcAuWriteElement function in server/dia/audispatch
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
OSV
CVE-2007-1544: Integer overflow in the ProcAuWriteElement function in server/dia/audispatch
osv·2007-03-20·CVSS 5.0
CVE-2007-1544 [MEDIUM] CVE-2007-1544: Integer overflow in the ProcAuWriteElement function in server/dia/audispatch
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
Ubuntu
NAS vulnerabilities
vendor_ubuntu·2007-03-28
CVE-2007-1547 NAS vulnerabilities
Title: NAS vulnerabilities
Summary: NAS vulnerabilities
Luigi Auriemma discovered multiple flaws in the Network Audio System
server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.
Note that default Ubuntu installs do not include the NAS server.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2007-1544: nas - Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c i...
vendor_debian·2007·CVSS 5.0
CVE-2007-1544 [MEDIUM] CVE-2007-1544: nas - Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c i...
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
Scope: local
bookworm: resolved (fixed in 1.8-4)
bullseye: resolved (fixed in 1.8-4)
forky: resolved (fixed in 1.8-4)
sid: resolved (fixed in 1.8-4)
trixie: resolved (fixed in 1.8-4)
No detection rules found.
No public exploits indexed.
CAPEC
Forced Integer Overflow
mitre_capec
[HIGH] Forced Integer Overflow
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Execution Flow:
Step 1 [Explore]: The first step is exploratory meaning the attacker looks for an integer variable that they can control.
Step 2 [Experiment]: The attacker finds an integer variable that they can write into or manipulate and
http://aluigi.altervista.org/adv/nasbugs-adv.txthttp://secunia.com/advisories/24527http://secunia.com/advisories/24601http://secunia.com/advisories/24628http://secunia.com/advisories/24638http://secunia.com/advisories/24980http://security.gentoo.org/glsa/glsa-200704-20.xmlhttp://www.debian.org/security/2007/dsa-1273http://www.mandriva.com/security/advisories?name=MDKSA-2007:065http://www.radscan.com/nas/HISTORYhttp://www.securityfocus.com/archive/1/464606/30/7230/threadedhttp://www.securityfocus.com/bid/23017http://www.securitytracker.com/id?1017822http://www.ubuntu.com/usn/usn-446-1http://www.vupen.com/english/advisories/2007/0997https://exchange.xforce.ibmcloud.com/vulnerabilities/33051http://aluigi.altervista.org/adv/nasbugs-adv.txthttp://secunia.com/advisories/24527http://secunia.com/advisories/24601http://secunia.com/advisories/24628http://secunia.com/advisories/24638http://secunia.com/advisories/24980http://security.gentoo.org/glsa/glsa-200704-20.xmlhttp://www.debian.org/security/2007/dsa-1273http://www.mandriva.com/security/advisories?name=MDKSA-2007:065http://www.radscan.com/nas/HISTORYhttp://www.securityfocus.com/archive/1/464606/30/7230/threadedhttp://www.securityfocus.com/bid/23017http://www.securitytracker.com/id?1017822http://www.ubuntu.com/usn/usn-446-1http://www.vupen.com/english/advisories/2007/0997https://exchange.xforce.ibmcloud.com/vulnerabilities/33051
2007-03-20
Published