[nas] nas: Multiple Vulnerabilities in nas 1.9.3

Hamid Zamani me at hamidx9.ir
Thu Aug 8 17:22:56 MDT 2013


On 08/09/2013 01:03 AM, Erik Auerswald wrote:
Hi,

> I have a first step in tackling the first reported problem, i.e. buffer
> overflow with illegal ':listen port offset' argument. Nasd should ignore
> obviously wrong listen port offset values. See the attached patch.

> The various string functions should still be changed to not overflow the
> given buffers irrespective of input.

Well done.

>> ========================================================================
>> Format String Vulnerability may occur at misusing functions like syslog
>>
>> File : server/os/aulog.c: +40
>> Function : osLogMsg
>> ...
>>         openlog("nas", LOG_PID, LOG_DAEMON);
>>         syslog(LOG_DEBUG, buf); // possible format string vulnerability,
>> syslog(LOG_DEBUG, "%s", buf)
>>         closelog();
> 
> This has been fixed already in svn revision r285 on 2012-01-22. There has
> been no NAS release with this fix yet.
> 
> Thanks,
> Erik
> 

Yes, you are right. Sorry for that.
I double-checked the svn.
Actually, in addition to the svn repo I checked the Debian source, and it seems it
has not been updated yet.

-- 
Regards,
Hamid Zamani (aka HAMIDx9)
Ashiyane Digital Security Team
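The two defects discussed in this thread (user-controlled text passed to syslog as the format string, and an unchecked ':listen port offset' argument overflowing a buffer) are shown below in hardened form. This is an added example, not code from the NAS project or from either poster: the function names, the LOG_BUF_SIZE limit, and the BASE_PORT value of 8000 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

#define LOG_BUF_SIZE 256   /* assumed bound for one log line */
#define BASE_PORT    8000  /* assumed base listen port; placeholder, not from the page */
#define MAX_PORT     65535

/* Render a log line into a caller-supplied, bounded buffer.
 * Returns the length the full message would have needed, so a caller can
 * detect truncation by comparing the result against outlen. */
int build_log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return needed;
}

/* Hardened counterpart of the quoted osLogMsg: the rendered text is handed
 * to syslog only as an argument of a fixed "%s" format, never as the format
 * itself, so '%' sequences inside caller-supplied data stay literal. */
void log_msg_safe(int prio, const char *fmt, ...)
{
    char buf[LOG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);   /* bounded; never overruns buf */
    va_end(ap);

    openlog("nas", LOG_PID, LOG_DAEMON);
    syslog(prio, "%s", buf);               /* fixed format string */
    closelog();
}

/* Validate a ":<offset>" listen port offset argument before it is used.
 * Returns the resulting port number, or -1 for anything that is not a
 * plausible offset: missing leading ':', non-digit start, trailing junk,
 * overflow, or a value that would push the port past MAX_PORT. */
int parse_listen_port_offset(const char *arg)
{
    if (arg == NULL || arg[0] != ':' || arg[1] == '\0')
        return -1;

    const char *s = arg + 1;
    if (*s < '0' || *s > '9')              /* reject "+5", "-1", " 5" */
        return -1;

    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0')        /* overflow or trailing junk */
        return -1;
    if (v > MAX_PORT - BASE_PORT)          /* "obviously wrong" offset */
        return -1;

    return (int)(BASE_PORT + v);
}

int main(void)
{
    /* Constructed inputs: one benign offset, one that would overflow, and a
     * log message containing a '%' directive that must be logged literally. */
    const char *args[] = { ":0", ":7", ":99999999999999", ":12abc" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        int port = parse_listen_port_offset(args[i]);
        if (port < 0)
            log_msg_safe(LOG_WARNING, "ignoring bad listen port offset '%s'", args[i]);
        else
            log_msg_safe(LOG_INFO, "listening on port %d", port);
    }
    log_msg_safe(LOG_DEBUG, "%s", "client sent 100%x of data");
    return 0;
}
```

The point of `build_log_line` returning the needed length is that truncation becomes observable rather than silent; a caller that cares can log a second line noting the cut. The offset parser deliberately rejects anything `strtol` would otherwise tolerate (leading whitespace, an explicit sign), so that only a plain decimal offset within range reaches the listen socket setup.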

