CVE-2013-4256
Published: 2013-10-09
Priority: P4 · 25 · medium
CVSS 2.0: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 0.70% (48.6th percentile)
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | nas | < nas 1.9.3-6 (bookworm) | nas 1.9.3-6 (bookworm) |
| radscan | network_audio_system | — | — |
| starwindsoftware | nas | >= 0 < 1.9.3-6 | 1.9.3-6 |
| starwindsoftware | nas | >= 0 < 1.9.3-6 | 1.9.3-6 |
| starwindsoftware | nas | >= 0 < 1.9.3-6 | 1.9.3-6 |
| starwindsoftware | nas | >= 0 < 1.9.3-6 | 1.9.3-6 |
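CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 4.6 | MEDIUM | |
| vendor_debian | | 4.6 | MEDIUM | |
| vendor_ubuntu | | 4.6 | MEDIUM | |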
GHSA
GHSA-whq2-g3c2-x5j3: Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1
ghsa_unreviewed·2022-05-17
CVE-2013-4256 [MEDIUM] CWE-119 GHSA-whq2-g3c2-x5j3: Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1
OSV
CVE-2013-4256: Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1
osv·2013-10-09·CVSS 4.6
CVE-2013-4256 [MEDIUM] CVE-2013-4256: Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1
Ubuntu
Network Audio System (NAS) vulnerabilities
vendor_ubuntu·2013-10-01·CVSS 4.6
CVE-2013-4256 [MEDIUM] Network Audio System (NAS) vulnerabilities
Title: Network Audio System (NAS) vulnerabilities
Summary: Several security issues were fixed in Network Audio System (NAS).
Hamid Zamani discovered multiple security issues in the Network Audio
System (NAS) server. An attacker could possibly use these issues to cause a
denial of service or execute arbitrary code. (CVE-2013-4256, CVE-2013-4257)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2013-4256: nas - Multiple stack-based and heap-based buffer overflows in Network Audio System (NA...
vendor_debian·2013·CVSS 4.6
CVE-2013-4256 [MEDIUM] CVE-2013-4256: nas - Multiple stack-based and heap-based buffer overflows in Network Audio System (NA...
Scope: local
bookworm: resolved (fixed in 1.9.3-6)
bullseye: resolved (fixed in 1.9.3-6)
forky: resol
References
- http://radscan.com/pipermail/nas/2013-August/001270.html
- http://sourceforge.net/p/nas/code/288
- http://www.debian.org/security/2013/dsa-2771
- http://www.openwall.com/lists/oss-security/2013/08/16/2
- http://www.openwall.com/lists/oss-security/2013/08/19/3
- http://www.securityfocus.com/bid/61848
- http://www.ubuntu.com/usn/USN-1986-1