Title : Nas v1.9.3 Multiple Vulnerabilites
Author : Ashiyane Digital Security Team
Package : NAS ( Network Audio System)
Version : 1.9.3
Software Link : https://sourceforge.net/projects/nas/
Vendor : http://radscan.com/nas.html
CVEs : CVE-2013-4256, CVE-2013-4257, CVE-2013-4258

Package Description :

The Network Audio System is a network transparent, client/server audio transport system. It can be described as the audio equivalent of an X server. 

Vulnerabilities details :

Recently several security flaws were discovered in latest version of `nasd` as explained briefly at the following link :

http://radscan.com/pipermail/nas/2013-August/001270.html

Fixes on Upstream :

https://sourceforge.net/p/nas/code/288/
https://sourceforge.net/p/nas/code/287/tree//trunk/server/os/utils.c?diff=517ad7dc2718467b12eafbad:286
https://sourceforge.net/p/nas/code/289/tree//trunk/server/os/connection.c?diff=517ad7dc2718467b12eafbad:288

TimeLine : 

2013/08/07 - Vulnerabilities Discovered
2013/08/07 - Vendor notified
2013/08/07 | 15 - Vendor provided fixes
2013/08/20 - Published

Solution : 

Fixed version will be ready soon.

Links :

http://radscan.com/pipermail/nas/2013-August/001270.html
http://www.openwall.com/lists/oss-security/2013/08/16/2
https://sourceforge.net/p/nas/code/288/

# Discovered and Reported By : Hamid Zamani (aka HAMIDx9)