CVE-2007-1545
published 2007-03-20CVE-2007-1545: The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.43%
82.2th percentile
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nas | < nas 1.8-4 (bookworm) | nas 1.8-4 (bookworm) |
| radscan | network_audio_system | — | — |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
| starwindsoftware | nas | >= 0 < 1.8-4 | 1.8-4 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
NAS vulnerabilities
vendor_ubuntu·2007-03-28
CVE-2007-1547 NAS vulnerabilities
Title: NAS vulnerabilities
Summary: NAS vulnerabilities
Luigi Auriemma discovered multiple flaws in the Network Audio System
server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.
Note that default Ubuntu installs do not include the NAS server.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2007-1545: nas - The AddResource function in server/dia/resource.c in Network Audio System (NAS) ...
vendor_debian·2007·CVSS 5.0
CVE-2007-1545 [MEDIUM] CVE-2007-1545: nas - The AddResource function in server/dia/resource.c in Network Audio System (NAS) ...
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.
Scope: local
bookworm: resolved (fixed in 1.8-4)
bullseye: resolved (fixed in 1.8-4)
forky: resolved (fixed in 1.8-4)
sid: resolved (fixed in 1.8-4)
trixie: resolved (fixed in 1.8-4)
GHSA
GHSA-hj2c-gc73-vcr4: The AddResource function in server/dia/resource
ghsa_unreviewed·2022-05-01
CVE-2007-1545 [MEDIUM] GHSA-hj2c-gc73-vcr4: The AddResource function in server/dia/resource
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.
OSV
CVE-2007-1545: The AddResource function in server/dia/resource
osv·2007-03-20·CVSS 5.0
CVE-2007-1545 [MEDIUM] CVE-2007-1545: The AddResource function in server/dia/resource
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.
No detection rules found.
No public exploits indexed.
http://aluigi.altervista.org/adv/nasbugs-adv.txthttp://secunia.com/advisories/24527http://secunia.com/advisories/24601http://secunia.com/advisories/24628http://secunia.com/advisories/24638http://secunia.com/advisories/24980http://security.gentoo.org/glsa/glsa-200704-20.xmlhttp://www.debian.org/security/2007/dsa-1273http://www.mandriva.com/security/advisories?name=MDKSA-2007:065http://www.radscan.com/nas/HISTORYhttp://www.securityfocus.com/archive/1/464606/30/7230/threadedhttp://www.securityfocus.com/bid/23017http://www.securitytracker.com/id?1017822http://www.ubuntu.com/usn/usn-446-1http://www.vupen.com/english/advisories/2007/0997https://exchange.xforce.ibmcloud.com/vulnerabilities/33050http://aluigi.altervista.org/adv/nasbugs-adv.txthttp://secunia.com/advisories/24527http://secunia.com/advisories/24601http://secunia.com/advisories/24628http://secunia.com/advisories/24638http://secunia.com/advisories/24980http://security.gentoo.org/glsa/glsa-200704-20.xmlhttp://www.debian.org/security/2007/dsa-1273http://www.mandriva.com/security/advisories?name=MDKSA-2007:065http://www.radscan.com/nas/HISTORYhttp://www.securityfocus.com/archive/1/464606/30/7230/threadedhttp://www.securityfocus.com/bid/23017http://www.securitytracker.com/id?1017822http://www.ubuntu.com/usn/usn-446-1http://www.vupen.com/english/advisories/2007/0997https://exchange.xforce.ibmcloud.com/vulnerabilities/33050
2007-03-20
Published