IC Radius Buffer Overflow Vulnerability
BID:1147
Info
IC Radius Buffer Overflow Vulnerability
| Bugtraq ID: | 1147 |
| Class: | Unknown |
| CVE: |
CVE-2000-0321 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on April 24, 2000 by Jesse Schachter <[email protected]> |
| Vulnerable: |
ICRadius ICRADIUS 0.14 |
| Not Vulnerable: | |
Discussion
IC Radius Buffer Overflow Vulnerability
A buffer overrun exists in the ICRadius package. At the least, version .14 is affected; prior versions may be affected as well. The overflow stems from the use of the sprintf() function, without regard for the size of the buffer. This allows a remote user to cause the RADIUS daemon to crash, and could possibly be used to execute code on the machine hosting the daemon. IC Radius is a package that integrates a RADIUS (Remote Authentication Dial In User Service) front end with a MySQL backend.
A buffer overrun exists in the ICRadius package. At the least, version .14 is affected; prior versions may be affected as well. The overflow stems from the use of the sprintf() function, without regard for the size of the buffer. This allows a remote user to cause the RADIUS daemon to crash, and could possibly be used to execute code on the machine hosting the daemon. IC Radius is a package that integrates a RADIUS (Remote Authentication Dial In User Service) front end with a MySQL backend.
Exploit / POC
IC Radius Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
IC Radius Buffer Overflow Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
IC Radius Buffer Overflow Vulnerability
References:
References: