Summary
Hamid Zamani discovered multiple security problems (buffer overflows, format string vulnerabilities and missing input sanitising), which could lead to the execution of arbitrary code.
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 1.9.2-4squeeze1.
For the stable distribution (wheezy), these problems have been fixed in version 1.9.3-5wheezy1.
For the testing distribution (jessie), these problems have been fixed in version 1.9.3-6.
For the unstable distribution (sid), these problems have been fixed in version 1.9.3-6.
We recommend that you upgrade your nas packages.
Insight
The Network Audio System (NAS) was developed by NCD for playing, recording, and manipulating audio data over a network. Like the X Window System, it uses the client/server model to separate applications from the specific drivers that control audio input and output devices.
Affected
nas on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-4256, CVE-2013-4257, CVE-2013-4258 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities