[nas] nas: Multiple Vulnerabilities in nas 1.9.3

Erik Auerswald auerswal at unix-ag.uni-kl.de
Thu Aug 8 14:16:18 MDT 2013


On Wed, Aug 07, 2013 at 08:02:52PM -0400, Paul Fox wrote:
> hamid wrote:
>  > Recently i found some vulnerabilities that are described below.
>  > Some of them maybe are not so effective but it's better to be fixed.
>  > information, i'll send you at this bugreport
>  > If i can help in the process please let me know.
> thank you hamid.  i'm curious -- how did you find these?  did you
> use an automated tool?
> in any case, i volunteer to clean them up.  (if jon or erik has
> beat me to it, please speak up soon.  :-)

I have a first step in tackling the first reported problem, i.e. buffer
overflow with illegal ':listen port offset' argument. Nasd should ignore
obviously wrong listen port offset values. See the attached patch.

The various string functions should still be changed to not overflow the
given buffers irrespective of input.

If you're willing to restrict the flexibility of your approach,
you can almost always do something better.
                        -- John Carmack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nasd-ignore_obviously_wrong_listen_port_offsets.patch
Type: text/x-diff
Size: 1174 bytes
Desc: not available
URL: <http://radscan.com/pipermail/nas/attachments/20130808/121b77a7/attachment.patch>
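
The two measures discussed in the message above (ignore obviously wrong listen port offsets, and keep string formatting inside the given buffer whatever the input) can be sketched as follows. This is an added example, not the attached patch and not code from nas; BASE_PORT, SOCK_PREFIX and both function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed values for illustration; not taken from the nas source. */
#define BASE_PORT    8000
#define MAX_TCP_PORT 65535
#define SOCK_PREFIX  "/tmp/.sockets/audio"

/* Parse ":N". Returns 0 and stores N, or -1 if the argument is obviously wrong. */
int parse_listen_offset(const char *arg, long *offset)
{
    char *end;
    long val;
    if (arg == NULL || arg[0] != ':' || arg[1] < '0' || arg[1] > '9')
        return -1;                  /* must be ':' followed by a digit */
    errno = 0;
    val = strtol(arg + 1, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                  /* numeric overflow or trailing garbage */
    if (val > MAX_TCP_PORT - BASE_PORT)
        return -1;                  /* BASE_PORT + N would not be a TCP port */
    *offset = val;
    return 0;
}

/* Format the socket path into buf. Returns -1 instead of overflowing or truncating. */
int build_socket_path(const char *arg, char *buf, size_t buflen)
{
    long offset;
    int n;
    if (parse_listen_offset(arg, &offset) != 0)
        return -1;
    n = snprintf(buf, buflen, "%s%ld", SOCK_PREFIX, offset);
    if (n < 0 || (size_t)n >= buflen)
        return -1;                  /* output did not fit: refuse to use it */
    return 0;
}

int main(void)
{
    /* Constructed sample arguments: two valid, four that must be rejected. */
    const char *samples[] = { ":0", ":1", ":99999999999999999999",
                              ":12abc", ":-5", "0" };
    char path[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i],
               build_socket_path(samples[i], path, sizeof path) == 0
                   ? path : "rejected");
    return 0;
}
```

The range check alone corresponds to the first step described in the message; the snprintf length check is what keeps the buffer safe irrespective of input.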
