[nas] nas: Multiple Vulnerabilities in nas 1.9.3

Hamid Zamani me at hamidx9.ir
Thu Aug 8 17:22:56 MDT 2013

On 08/09/2013 01:03 AM, Erik Auerswald wrote:

> I have a first step in tackling the first reported problem, i.e. buffer
> overflow with illegal ':listen port offset' argument. Nasd should ignore
> obviously wrong listen port offset values. See the attached patch.

> The various string functions should still be changed to not overflow the
> given buffers irrespective of input.

Well done.

>> ========================================================================
>> Format String Vulnerability may occur at misusing functions like syslog
>> File : server/os/aulog.c: +40
>> Function : osLogMsg
>> ...
>>         openlog("nas", LOG_PID, LOG_DAEMON);
>>         syslog(LOG_DEBUG, buf); // possible format string vulnerability, syslog(LOG_DEBUG, "%s", buf)
>>         closelog();
> This has been fixed already in svn revision r285 on 2012-01-22. There has
> been no NAS release with this fix yet.
> Thanks,
> Erik

Yes, you are right. Sorry for that.
I double-checked the svn.
Actually, in addition to the svn repo, I checked the Debian source, and it
seems it has not been updated yet.

Hamid Zamani (aka HAMIDx9)
Ashiyane Digital Security Team
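
Added example, not part of the thread or of the NAS source: a sketch of the logging pattern discussed above, where the message is expanded with a bounded `vsnprintf` and then handed to `syslog` under a constant `"%s"` format. The names `build_log_text`, `format_log_text`, `log_msg_safe` and the `LOG_BUF_SIZE` value are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define LOG_BUF_SIZE 64 /* constructed size, small so truncation is easy to see */

/* Expand fmt/ap into buf without ever writing past bufsz.
 * Returns 0 if the text fit, 1 if it was truncated, -1 on error. */
static int build_log_text(char *buf, size_t bufsz, const char *fmt, va_list ap)
{
    int n;

    if (buf == NULL || bufsz == 0 || fmt == NULL)
        return -1;
    n = vsnprintf(buf, bufsz, fmt, ap);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)n >= bufsz ? 1 : 0;
}

/* Inspection hook: same formatting step, result left in the caller's buffer. */
int format_log_text(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int rc;

    va_start(ap, fmt);
    rc = build_log_text(out, outsz, fmt, ap);
    va_end(ap);
    return rc;
}

/* Hypothetical logging entry point: fmt must be a trusted literal at the
 * call site; anything taken from a client goes in as an argument. */
int log_msg_safe(const char *fmt, ...)
{
    char buf[LOG_BUF_SIZE];
    va_list ap;
    int rc;

    va_start(ap, fmt);
    rc = build_log_text(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (rc < 0)
        return rc;
    openlog("nas", LOG_PID, LOG_DAEMON);
    syslog(LOG_DEBUG, "%s", buf); /* buf is data here, never the format */
    closelog();
    return rc;
}
```

After the first formatting pass, any `%` sequences that arrived inside an argument sit literally in `buf`, which is why that buffer must not be passed as a format string a second time.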
