CVE-2013-4256
CVSS V2 Medium 4.6
CVSS V3 None
Description
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.
Overview
- CVE ID
- CVE-2013-4256
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Date
- 2013-10-09T14:54:25
- Last Modified Date
- 2016-12-31T02:59:04
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:radscan:network_audio_system:1.9.3:*:*:*:*:*:*:* | 1 | OR | ||
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- LOCAL
- Access Complexity
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 4.6
- Severity
- MEDIUM
- Exploitability Score
- 3.9
- Impact Score
- 6.4
References
Reference URL | Reference Tags |
---|---|
http://www.openwall.com/lists/oss-security/2013/08/16/2 | Patch |
http://www.ubuntu.com/usn/USN-1986-1 | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2013/08/19/3 | Patch |
http://radscan.com/pipermail/nas/2013-August/001270.html | Exploit |
http://sourceforge.net/p/nas/code/288 | Exploit Patch |
http://www.debian.org/security/2013/dsa-2771 | |
http://www.securityfocus.com/bid/61848 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2013-4256 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4256 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 09:54:03 | Added to TrackCVE | |||
2022-12-01 20:03:56 | 2013-10-09T14:54Z | 2013-10-09T14:54:25 | CVE Published Date | updated |
2022-12-01 20:03:56 | | 2016-12-31T02:59:04 | CVE Modified Date | updated |
2022-12-01 20:03:56 | | Modified | Vulnerability Status | updated |