Multiple Vendor RADIUS Digest Calculation Buffer Overflow Vulnerability
A vulnerability has been discovered in multiple RADIUS implementations.
Affected products contain a buffer overflow in a function that calculates a message digest. RADIUS authenticator digests are MD5 hashes computed over packet data followed by the shared secret (RFC 2865), and the affected code concatenates the received data and the shared secret into a fixed-size buffer with insufficient bounds checking on the resulting string.
Successful exploitation will most likely result in a denial of service.
If the shared secret is known to the attacker, this condition may be exploited to execute arbitrary attacker-supplied instructions with the privileges of the RADIUS server or client (in most cases, root privileges).
It has been reported that in some cases a remote attacker may be able to execute arbitrary instructions without knowledge of the shared secret. This has reportedly been the case with the GNU Radius and Cistron Radius implementations.
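The following C code is an added illustration of the pattern the advisory describes; it is constructed for this page and is not the code of any affected vendor. The digest-input buffer is sized for the maximum RADIUS packet (4096 bytes, RFC 2865), the shared secret is appended after the packet as the digest calculation requires, and the vulnerable builder trusts that the secret will still fit. Because the bytes that spill past the buffer are the secret itself, the attacker controls what is written only when the secret is known, which matches the advisory's distinction between denial of service and code execution. The hardened builder validates the Length field against the received datagram and checks that packet plus secret fit before copying. The secret values, packet sizes and the `demo_case` helper are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the advisory's pattern, not any vendor's code.
 * RFC 2865: a RADIUS packet is at least 20 bytes (Code, Identifier, Length,
 * Authenticator) and at most 4096 bytes; authenticator digests are MD5 over
 * packet fields followed by the shared secret, so both end up in one buffer. */
#define RADIUS_HDR_LEN   20
#define MAX_PACKET_LEN   4096

typedef struct {
    uint8_t buf[MAX_PACKET_LEN];   /* sized for the packet alone, as the affected code was */
    size_t  len;                   /* number of bytes MD5 would be run over */
} digest_input_t;

static size_t radius_length(const uint8_t *pkt)
{
    return ((size_t)pkt[2] << 8) | pkt[3];   /* Length field, network byte order */
}

/* VULNERABLE pattern (illustrative, never called below): the receive path
 * already bounded the packet to sizeof buf, so the memcpy of the packet is
 * fine, but the secret is appended without checking the space left. With a
 * near-maximal packet the secret itself is what lands past the end of buf. */
void build_digest_input_vulnerable(digest_input_t *d, const uint8_t *pkt,
                                   size_t recvd, const char *secret)
{
    size_t slen = strlen(secret);
    memcpy(d->buf, pkt, recvd);
    memcpy(d->buf + recvd, secret, slen);     /* overflow when recvd + slen > sizeof buf */
    d->len = recvd + slen;
}

/* HARDENED form: check the Length field against what was actually received
 * and make sure packet plus secret fit before copying anything. Returns 0 on
 * success, -1 when the packet must be silently discarded (RFC 2865 section 3). */
static int build_digest_input_safe(digest_input_t *d, const uint8_t *pkt,
                                   size_t recvd, const char *secret)
{
    if (recvd < RADIUS_HDR_LEN || recvd > MAX_PACKET_LEN)
        return -1;
    size_t plen = radius_length(pkt);
    size_t slen = strlen(secret);
    if (plen < RADIUS_HDR_LEN || plen > recvd)   /* Length must not exceed the datagram */
        return -1;
    if (slen > sizeof d->buf - plen)             /* room for the secret; no size_t wraparound */
        return -1;
    memcpy(d->buf, pkt, plen);
    memcpy(d->buf + plen, secret, slen);
    d->len = plen + slen;
    return 0;
}

/* Demo helper (assumed for this example): build a constructed Access-Request of
 * `recvd` bytes whose Length field says `length_field`, run the hardened
 * builder, and return the digest-input length or -1 if the packet was rejected. */
int demo_case(size_t recvd, size_t length_field, const char *secret)
{
    static uint8_t pkt[MAX_PACKET_LEN];
    digest_input_t d;
    if (recvd > sizeof pkt || length_field > 0xFFFF)
        return -1;
    memset(pkt, 0, sizeof pkt);
    pkt[0] = 1;                                   /* Code: Access-Request */
    pkt[1] = 0x2a;                                /* Identifier (arbitrary) */
    pkt[2] = (uint8_t)(length_field >> 8);
    pkt[3] = (uint8_t)(length_field & 0xFF);
    /* bytes 4..19 would be the Request Authenticator; left zero here */
    if (build_digest_input_safe(&d, pkt, recvd, secret) != 0)
        return -1;
    return (int)d.len;
}

int main(void)
{
    printf("minimal packet:             %d\n", demo_case(20, 20, "s3cret"));
    printf("4080-byte packet, 16B key:  %d\n", demo_case(4080, 4080, "0123456789abcdef"));
    printf("4080-byte packet, 20B key:  %d\n", demo_case(4080, 4080, "0123456789abcdef0123"));
    printf("Length field > datagram:    %d\n", demo_case(20, 30, "s3cret"));
    return 0;
}
```

The third case is the interesting one: the packet alone fits the buffer with 16 bytes to spare, and a 20-byte secret is exactly what the vulnerable builder would write past the end. The hardened builder rejects it before any copy, and also rejects a Length field larger than the datagram, which is the other input an attacker controls.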