Executive Summary

Informations
Name CVE-2013-4256 First vendor Publication 2013-10-09
Vendor Cve Last vendor Modification 2016-12-31

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4256

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 3

Nessus® Vulnerability Scanner

Date Description
2014-06-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-22.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bf7912f5c1a811e3a5ac001b21614864.nasl - Type : ACT_GATHER_INFO
2013-10-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2771.nasl - Type : ACT_GATHER_INFO
2013-10-02 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1986-1.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-16936.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-16989.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2013-17036.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/61848
CONFIRM http://sourceforge.net/p/nas/code/288
DEBIAN http://www.debian.org/security/2013/dsa-2771
MLIST http://radscan.com/pipermail/nas/2013-August/001270.html
http://www.openwall.com/lists/oss-security/2013/08/16/2
http://www.openwall.com/lists/oss-security/2013/08/19/3
UBUNTU http://www.ubuntu.com/usn/USN-1986-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2021-05-04 12:27:11
  • Multiple Updates
2021-04-22 01:32:53
  • Multiple Updates
2020-05-23 00:37:56
  • Multiple Updates
2016-12-31 09:24:18
  • Multiple Updates
2014-06-27 13:26:13
  • Multiple Updates
2014-04-17 13:25:38
  • Multiple Updates
2014-02-17 11:21:53
  • Multiple Updates
2013-10-24 13:22:20
  • Multiple Updates
2013-10-11 00:19:59
  • Multiple Updates
2013-10-10 00:20:00
  • Multiple Updates
2013-10-09 21:21:24
  • First insertion