[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Hamid Zamani
me at hamidx9.ir
Thu Aug 8 17:22:56 MDT 2013
On 08/09/2013 01:03 AM, Erik Auerswald wrote:
Hi,
> I have a first step in tackling the first reported problem, i.e. buffer
> overflow with illegal ':listen port offset' argument. Nasd should ignore
> obviously wrong listen port offset values. See the attached patch.
> The various string functions should still be changed to not overflow the
> given buffers irrespective of input.
Well done.
>> ========================================================================
>> Format String Vulnerability may occur when misusing functions like syslog
>>
>> File : server/os/aulog.c: +40
>> Function : osLogMsg
>> ...
>> openlog("nas", LOG_PID, LOG_DAEMON);
>> syslog(LOG_DEBUG, buf); // possible format string vulnerability,
>> // syslog(LOG_DEBUG, "%s", buf)
>> closelog();
>
> This has been fixed already in svn revision r285 on 2012-01-22. There has
> been no NAS release with this fix yet.
>
> Thanks,
> Erik
>
Yes, you are right. Sorry for that.
I double-checked the svn.
Actually, in addition to the svn repo, I checked the Debian source and it
seems it has not been updated yet.
--
Regards,
Hamid Zamani (aka HAMIDx9)
Ashiyane Digital Security Team
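
The syslog fix discussed in this thread, as an added example that is not part of the original messages or the NAS source: a message containing conversion directives is rendered verbatim once it is passed as data to a constant "%s" format. The names render_log, count_conversions and log_debug_safe are hypothetical, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper (not NAS code): formats a log line into `out`.
 * The format attribute makes gcc/clang check the format at call sites. */
__attribute__((format(printf, 3, 4)))
int render_log(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Hypothetical audit helper: counts printf conversion directives.
 * Non-zero means the string must never be used as a format argument.
 * "%%" is a literal percent sign and is skipped. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* The call pattern from the report with the fix applied: the message
 * is data for a constant "%s" format, never the format itself. */
void log_debug_safe(const char *buf)
{
    openlog("nas", LOG_PID, LOG_DAEMON);
    syslog(LOG_DEBUG, "%s", buf);
    closelog();
}

int main(void)
{
    const char *msg = "client sent %x %n";   /* constructed sample input */
    char line[64];
    render_log(line, sizeof line, "%s", msg);
    printf("%d directive(s); logged verbatim: %s\n", count_conversions(msg), line);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes gcc and clang report calls such as `syslog(LOG_DEBUG, buf)` where the format is not a string literal.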