[nas] NAS 1.8b (devel) is available

Jon Trulson jon at radscan.com
Sun Mar 25 15:59:16 MDT 2007


at the usual places: http://radscan.com/nas.html
                      svn://radscan.com/nas/tags/nas-1.8b

    This should become a 1.9 stable release in about 2 weeks.

    This version corrects several DOS vulnerabilities in the nasd
    server, and fixes a few other issues with the voxware server.

    Also in this version, by default, input devices are open read-only
    and output devices write-only.

    This is a good one for dist maintainers to look at.

    Here's the HISTORY chunk for this release:

Version 1.8b (devel) 11/27/2007

     - 1.8b devel release.  Final 1.9 in about 2 weeks, barring any
       catastrophes.

     - fix a variety of problems that could result in a denial of
       service by crashing the nasd server.  These attacks were
       researched by Luigi Auriemma, who also provided a description of
       the attacks and an exploit program, 'nasbugs'.

       I have added his emailed report and the test attack code to the
       nas repository in contrib/nasbugs if you are interested.  Thanks
       to Luigi for finding these problems.  It sucked fixing them :)

       Here is a list of the bugs tested as output by the nasbugs
       program:

       1 = accept_att_local buffer overflow through USL connection
       2 = server termination through unexistent ID in AddResource
       3 = bcopy crash caused by integer overflow in ProcAuWriteElement
       4 = invalid memory pointer caused by big num_actions in ProcAuSetElements
       5 = another invalid memory pointer caused by big num_actions in
           ProcAuSetElements
       6 = invalid memory pointer in compileInputs
       7 = exploits bug 3 in read mode (requires something playing on
           the server)
       8 = NULL pointer caused by too much connections

       Note on bug #2, X11 display servers should be vulnerable to a
       DOS of this type as well (causing fatal 'client not in use'
       errors in AddResource()).

       Note on bug #8, the nasd server will not be able to accept
       further client connections when the client table is full, until
       the rejected clients disconnect their end of the socket and the
       necessary fd's are freed up.  It's better than coring though.

     - set the default open modes for the output audio device to
       write-only, and for the input device, use read-only (already the
       default).

       These can still be changed in the nasd.conf file, if needed.

       Previously, the default was to open the output device
       read-write, causing various issues with different
       hardware/driver configurations.  There is no need to open this
       device read-write anyway.

     - apply patch from Paul Fox, correcting a typo in auvoxware.c

     - apply patch from Erik Auerswald

       "With the attached patch the output and input device can be
       disabled by specifying an empty string as device name. Yes, when
       using an empty string for both devices there will be a NAS
       server that can neither play nor record anything."


-- 
Jon Trulson
mailto:jon at radscan.com 
#include <std/disclaimer.h>
"No Kill I" -Horta



