Launchpad.net

CVE 2007-1543

Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

Related bugs and status

CVE-2007-1543 (Candidate) is related to these bugs:

Bug #96723: [Sync request] Sync nas (1.8-4) from Debian unstable (main)

		In	Importance	Status
96723	[Sync request] Sync nas (1.8-4) from Debian unstable (main)	nas (Ubuntu)	Low	Fix Released
96723	[Sync request] Sync nas (1.8-4) from Debian unstable (main)	nas (Ubuntu Breezy)	Low	Fix Released
96723	[Sync request] Sync nas (1.8-4) from Debian unstable (main)	nas (Ubuntu Dapper)	Low	Fix Released
96723	[Sync request] Sync nas (1.8-4) from Debian unstable (main)	nas (Ubuntu Edgy)	Low	Fix Released
96723	[Sync request] Sync nas (1.8-4) from Debian unstable (main)	nas (Ubuntu Feisty)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://aluigi.altervis...
BID: 23017
SECUNIA: 24527
DEBIAN: DSA-1273
MANDRIVA: MDKSA-2007:065
UBUNTU: USN-446-1
SECUNIA: 24601
SECUNIA: 24628
SECUNIA: 24638
CONFIRM: http://www.radscan.com...
SECTRACK: 1017822
CONFIRM: https://issues.rpath.c...
GENTOO: GLSA-200704-20
SECUNIA: 24980
SECUNIA: 24783
VUPEN: ADV-2007-0997
XF: nas-uslsocket-bo(33047)
BUGTRAQ: 20070403 FLEA-2007-000...