GNU Radius SQLLog Remote Format String Vulnerability
BID:21303
Info
GNU Radius SQLLog Remote Format String Vulnerability
| Bugtraq ID: | 21303 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-4181 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 27 2006 12:00AM |
| Updated: | Dec 14 2006 06:18PM |
| Credit: | The discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
GNU Radius 1.3 GNU Radius 1.2 Gentoo Linux |
| Not Vulnerable: |
GNU Radius 1.4 |
Discussion
GNU Radius SQLLog Remote Format String Vulnerability
GNU Radius is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary code with superuser privileges, since the daemon typically runs with elevated privileges. This facitates the complete compromise of affected computers.
GNU Radius versions 1.2 and 1.3 are vulnerable to this issue; other versions may also be affected.
GNU Radius is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary code with superuser privileges, since the daemon typically runs with elevated privileges. This facitates the complete compromise of affected computers.
GNU Radius versions 1.2 and 1.3 are vulnerable to this issue; other versions may also be affected.
Exploit / POC
GNU Radius SQLLog Remote Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
GNU Radius SQLLog Remote Format String Vulnerability
Solution:
The vendor has released version 1.4 to address this issue.
Please see the referenced advisories for further information.
GNU Radius 1.2
GNU Radius 1.3
Solution:
The vendor has released version 1.4 to address this issue.
Please see the referenced advisories for further information.
GNU Radius 1.2
-
GNU radius-1.4.tar.bz2
ftp://ftp.gnu.org/gnu/radius/radius-1.4.tar.bz2
GNU Radius 1.3
-
GNU radius-1.4.tar.bz2
ftp://ftp.gnu.org/gnu/radius/radius-1.4.tar.bz2
References
GNU Radius SQLLog Remote Format String Vulnerability
References:
References:
- Radius Homepage (GNU)
- iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability (iDefense Labs