• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FreeRADIUS Multiple Remote Vulnerabilities

FreeRADIUS is susceptible to multiple remote vulnerabilities:

- Memory-handling vulnerabilities. These issues may allow remote attackers to crash affected services or possibly execute arbitrary machine code in the context of the vulnerable application.

- File descriptor leak. Attackers may exploit this to gain access to files that they may not normally have access to.

- The LDAP module contains a flaw whereby attacker-specified data may be passed on to the configured LDAP database without proper input sanitization.

These issues are all reported to affect version 1.0.4 of FreeRADIUS; previous versions are also likely vulnerable to one or more of these issues.

**Update: The vendor has posted a response to these issues. Please see "Response to Suse Audit Report on FreeRADIUS" for further details.