[nas] NAS 1.8b (devel) is available

Steve McIntyre steve at einval.com
Mon Mar 26 09:26:50 MDT 2007


On Sun, Mar 25, 2007 at 03:59:16PM -0600, Jon Trulson wrote:
>
>    - fix a variety of problems that could result in a denial of
>      service by crashing the nasd server.  These attacks were
>      researched by Luigi Auriemma, who also provided a description of
>      the attacks and an exploit program, 'nasbugs'.
>
>      I have added his emailed report and the test attack code to the
>      nas repository in contrib/nasbugs if you are interested.  Thanks
>      to Luigi for finding these problems.  It sucked fixing them :)
>
>      Here is a list of the bugs tested as output by the nasbugs
>      program:
>
>      1 = accept_att_local buffer overflow through USL connection
>      2 = server termination through nonexistent ID in AddResource
>      3 = bcopy crash caused by integer overflow in ProcAuWriteElement
>      4 = invalid memory pointer caused by big num_actions in
>          ProcAuSetElements
>      5 = another invalid memory pointer caused by big num_actions in
>          ProcAuSetElements
>      6 = invalid memory pointer in compileInputs
>      7 = exploits bug 3 in read mode (requires something playing on
>          the server)
>      8 = NULL pointer caused by too many connections
>
>      Note on bug #2, X11 display servers should be vulnerable to a
>      DOS of this type as well (causing fatal 'client not in use'
>      errors in AddResource()).
>
>      Note on bug #8, the nasd server will not be able to accept
>      further client connections when the client table is full, until
>      the rejected clients disconnect their end of the socket and the
>      necessary fd's are freed up.  It's better than coring though.

Patched versions with these fixes are in Debian unstable now, and
updates are building for the stable release right this minute.

Jon, I'd like to say publicly: thanks *very* much for your handling
of the changes here. Just as I was looking for what I needed to do for
the older versions that we're shipping at the moment, you made the
1.8b release. Picking up on the changes needed has been a doddle, as
all the fixes are entirely clear and well-commented. Yay! If only some
of our other upstream developers could be as good... :-)

As soon as you release 1.9 I'll be updating to match in unstable.

-- 
Steve McIntyre, Cambridge, UK.                                steve at einval.com
You raise the blade, you make the change... You re-arrange me 'til I'm sane...
