Bug 171428 - media-libs/nas < 1.8b multiple vulnerabilities (CVE-2007-154[34567])
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/24527/
Whiteboard: B1 [glsa] p-y
Reported: 2007-03-19 11:32 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2020-03-11 08:30 UTC

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-03-19 11:32:54 UTC
Luigi Auriemma has reported some vulnerabilities in Network Audio
System, which potentially can be exploited by malicious, local users
to gain escalated privileges or by malicious people to cause a DoS
(Denial of Service).

1) A boundary error within "accept_att_local()" in
server/os/connection.c can be exploited to cause a stack-based buffer
overflow via an overly long (greater than 64 bytes) slave name in a
USL connection.

Successful exploitation may allow malicious, local users to gain root
privileges.

2) An input validation error within "AddResource()" in
server/dia/resource.c can be exploited to cause the service to crash
via a specially crafted packet with an invalid client ID.

3) An integer-overflow error within "ProcAuWriteElement()" in
server/dia/audispatch.c can be exploited to cause the service to
crash via a specially crafted packet with an overly large max_samples
value.

4) A boundary error within "ProcAuSetElements()" in
server/dia/audispatch.c can be exploited to cause the service to
crash via a specially crafted packet with an overly large num_actions
or numElements value.

5) An input validation error within "compileInputs()" in
server/dia/auutil.c can be exploited to cause the service to crash
via a specially crafted packet with an invalid element number.

6) A NULL-pointer dereference error when processing simultaneous
connections can be exploited to cause the service to crash.

The vulnerabilities are reported in version 1.8a. Other versions may
also be affected.

SOLUTION:
Fixed in the SVN repository.
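Items 1 and 3 of the report describe two classic native bug classes: an unbounded copy of a client-supplied name into a fixed-size stack buffer, and an unchecked multiplication of a client-supplied count that wraps before it is used as an allocation size. The following is an added illustration written for this page; it is not code from nasd or from the fix in 1.8b. The 64-byte buffer, the 32-bit wire fields, the sample size and all function names are assumptions chosen to mirror the report, not the real server's layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added illustration, not nasd source. Models (1) copying a client-supplied
 * slave name into a fixed 64-byte stack buffer without a length check, and
 * (2) multiplying a client-supplied max_samples by the sample size with no
 * overflow check. Buffer size, field widths and names are assumptions. */

#define SLAVE_NAME_MAX 64        /* assumed: the ">64 bytes" threshold in the report */

/* VULNERABLE pattern (never called here): strcpy() stops at the NUL, not at
 * the buffer end, so a name of 64 bytes or more runs past buf into the saved
 * frame pointer and return address on the stack. */
void vulnerable_copy(const char *name)
{
    char buf[SLAVE_NAME_MAX];
    strcpy(buf, name);        /* stack-based buffer overflow if strlen(name) >= 64 */
    (void)buf;
}

/* HARDENED: accept the name only if it fits together with its terminator.
 * Returns 0 on success, -1 if the name is rejected. */
int copy_slave_name(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || src_len >= dst_size)
        return -1;            /* would not fit: refuse rather than truncate silently */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Run copy_slave_name() against a local 64-byte buffer, as the server would. */
int try_slave_name(const char *src, size_t src_len)
{
    char buf[SLAVE_NAME_MAX];
    return copy_slave_name(buf, sizeof buf, src, src_len);
}

/* A constructed 100-byte name of the kind the report describes. */
int try_oversized_name(void)
{
    char name[100];
    memset(name, 'A', sizeof name);
    return try_slave_name(name, sizeof name);
}

/* HARDENED size computation for a request carrying max_samples. Wire fields
 * are assumed 32-bit, so the product is checked in 32-bit arithmetic, where an
 * unchecked max_samples * bytes_per_sample wraps and yields a buffer far
 * smaller than the data later written into it. Returns the byte count, or 0
 * (never a valid size here) if the inputs are invalid or would overflow. */
uint32_t checked_buffer_size(uint32_t max_samples, uint32_t bytes_per_sample)
{
    if (max_samples == 0 || bytes_per_sample == 0)
        return 0;
    if (max_samples > UINT32_MAX / bytes_per_sample)
        return 0;             /* product would exceed 32 bits */
    return max_samples * bytes_per_sample;
}

int main(void)
{
    printf("4-byte name accepted:   %d\n", try_slave_name("tty0", 4));
    printf("100-byte name rejected: %d\n", try_oversized_name());
    printf("1000 x 4 bytes:         %u\n", checked_buffer_size(1000, 4));
    printf("0x40000001 x 4 bytes:   %u\n", checked_buffer_size(0x40000001u, 4));
    return 0;
}
```

The point of the second check is that 0x40000001 * 4 is 0x100000004, which a 32-bit multiply silently reduces to 4; a server that then writes max_samples worth of data into a 4-byte allocation has a heap overflow, while a server that rejects the request before allocating has at worst a refused client.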
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-02 13:44:29 UTC
ping sound
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2007-04-02 14:30:05 UTC
media-libs/nas-1.8b, which was released to address these issues, is in CVS; however, it needs proper testing.

archs teams, test & stabilize non-vulnerable media-libs/nas-1.8b
Comment 3 Markus Rothe (RETIRED) gentoo-dev 2007-04-02 18:05:21 UTC
ppc64 stable
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-04-02 18:08:32 UTC
x86 + ia64 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-04-02 18:14:41 UTC
ppc stable
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-02 21:06:43 UTC
updating CVE IDs list:
CVE-2007-1543
CVE-2007-1544
CVE-2007-1545
CVE-2007-1546
CVE-2007-1547
Comment 7 Samuli Suominen (RETIRED) gentoo-dev 2007-04-03 12:14:02 UTC
hppa seems to be done.
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2007-04-03 17:11:00 UTC
sparc stable.
Comment 9 Christoph Mende (RETIRED) gentoo-dev 2007-04-06 18:11:18 UTC
emerges fine and works on amd64

Portage 2.1.2.2 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.20-beyond2 x86_64)
=================================================================
System uname: 2.6.20-beyond2 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Gentoo Base System release 1.12.9
Timestamp of tree: Thu, 05 Apr 2007 13:20:01 +0000
ccache version 2.4 [enabled]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -msse3 -w"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -msse3 -w"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--quiet"
FEATURES="buildsyspkg ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ "
LANG="en_US.ISO8859-15"
LC_ALL="en_US.ISO8859-15"
MAKEOPTS="-j3 -l3 -s --no-print-directory"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa amd64 amr audiofile berkdb bitmap-fonts bzip2 cairo cdinstall cdr cli cracklib crypt cups dbus dri dts dvd dvdr dvdread emboss encode fam firefox fortran gdbm gif gpm gstreamer gtk gtk2 hal iconv jpeg libg++ logrotate mad midi mikmod mp3 mpeg ncurses nptl nptlonly offensive ogg opengl pam pcre php png ppds pppd quicktime readline reflection sdl session smp spl ssl svg symlink tcpd test tiff truetype truetype-fonts type1-fonts unicode v4l vim vorbis x264 xinerama xorg xv xvid zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="evdev keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="inputlirc" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Comment 10 Peter Weller (RETIRED) gentoo-dev 2007-04-06 19:43:45 UTC
amd64 stable :)
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2007-04-12 13:56:30 UTC
alpha??
Comment 12 Fernando J. Pereda (RETIRED) gentoo-dev 2007-04-12 14:04:14 UTC
Alpha done. Sorry for the delay.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-27 11:40:29 UTC
closing with GLSA 200704-20, thanks everyone.
arm/mips/sh: don't forget to mark nas-1.8b stable when you can.