[nas] nas: Multiple Vulnerabilities in nas 1.9.3
auerswal at unix-ag.uni-kl.de
Thu Aug 8 14:33:59 MDT 2013
On Wed, Aug 07, 2013 at 02:14:44PM +0430, Hamid Zamani wrote:
> Subject: nas: Multiple Vulnerabilities in nas 1.9.3
> Package: nas
> Version: 1.9.3-5
> Dear Maintainer,
> Recently I found some vulnerabilities that are described below.
Thanks for reporting those!
> A format string vulnerability may occur when misusing functions like syslog
> File : server/os/aulog.c: +40
> Function : osLogMsg
> openlog("nas", LOG_PID, LOG_DAEMON);
> syslog(LOG_DEBUG, buf); // possible format string vulnerability,
>                         // syslog(LOG_DEBUG, "%s", buf)
This has been fixed already in svn revision r285 on 2012-01-22. There has
been no NAS release with this fix yet.
In the beginning, there were not enough colors.
-- Guy Keren
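
The difference between the two syslog calls quoted above, shown as an added example (not NAS code and not code from this thread). The names `sink`, `log_unsafe` and `log_fixed` are hypothetical, `sink` stands in for syslog(3) so the rendered line can be compared, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>   /* only for LOG_DEBUG */

/* Hypothetical stand-in for syslog(3): same (priority, format, ...) shape,
 * but it renders into a buffer so the result can be inspected. */
static char last_line[256];

static void sink(int prio, const char *fmt, ...)
{
    va_list ap;
    (void)prio;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Pattern quoted in the report: the message itself is used as the format.
 * Any conversion such as %s or %n in buf would fetch arguments that were
 * never passed, which is undefined behaviour. */
static const char *log_unsafe(const char *buf)
{
    sink(LOG_DEBUG, buf);
    return last_line;
}

/* Corrected pattern: constant format string, message passed as data. */
static const char *log_fixed(const char *buf)
{
    sink(LOG_DEBUG, "%s", buf);
    return last_line;
}

int main(void)
{
    /* Constructed sample. "%%" is chosen because it consumes no arguments,
     * so the unsafe call stays well defined while still showing that the
     * message is being interpreted rather than logged verbatim. */
    const char *msg = "volume set to 100%% by client";
    printf("unsafe: %s\n", log_unsafe(msg));
    printf("fixed : %s\n", log_fixed(msg));
    return 0;
}
```

glibc declares syslog with a printf format attribute, so building with `-Wformat -Wformat-security` flags calls of the first kind at compile time.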