| VID | 12066 |
| Severity | 40 |
| Port | 1812 |
| Protocol | UDP |
| Class | RADIUS |
| Detailed Description |
Yard Radius appears to be vulnerable to a stack-based buffer overflow. Yard Radius is freely available software that extends and adds features to the Radius Server. Yard Radius versions 1.0.20 and earlier are vulnerable to a stack-based buffer overflow in the process_menu() function. This vulnerability could reportedly be exploited prior to authentication. A remote attacker can trigger a stack overflow and potentially execute arbitrary code on the affected system with root privileges.
* References: http://securitytracker.com/alerts/2004/Nov/1012325.html
* Platforms Affected: SourceForge.net: YardRadius 1.0.20 and earlier; Linux: any version; Unix: any version |
| Recommendation |
Upgrade to the latest version of YardRadius (1.0.21 or later), available from the SourceForge.net Web site at http://yardradius.sourceforge.net/
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest version of yardradius, as listed in Debian Security Advisory DSA-598-1 at http://www.debian.org/security/2004/dsa-598
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2004-0987 (CVE) |
| Related URL | 11753 (SecurityFocus) |
| Related URL | 18270 (ISS) |