Multiple Vendor RADIUS Digest Calculation Buffer Overflow Vulnerability
A vulnerability has been discovered in multiple RADIUS implementations. Affected products contain a buffer overflow error in a function used to calculate a message digest. This is due to insufficient bounds checking on a string that is concatenated with shared secret data. Successful exploitation will most likely result in a denial of service. If the shared secret is known to the attacker, this condition may potentially be exploited to execute arbitrary attacker-supplied instructions with the privileges of the RADIUS server or client (in most cases root privileges). It has been reported that in some cases, it may be possible for a remote attacker to execute arbitrary instructions without having knowledge of the shared secret. This is allegedly the case with the GNU Radius and Cistron Radius implementations.
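The defect described above is a fixed-size work buffer that receives a request string followed by the shared secret, with no check that both fit before the digest is computed. The following C is an added illustration, not code from any of the affected RADIUS implementations: it places that unchecked pattern beside a bounds-checked form and shows that the checked form rejects over-long input while producing the same digest as the original on legitimate input. The buffer size `DIGEST_BUF_LEN`, the function names, the sample attribute string and secret are all assumptions chosen for the example, and a 32-bit FNV-1a hash stands in for the MD5 the real implementations use, since the point is the length check rather than the hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed work buffer filled before hashing. The size is an assumption for
   illustration, not taken from any affected product. */
#define DIGEST_BUF_LEN 256

/* Stand-in for MD5: 32-bit FNV-1a over the concatenated bytes. */
static uint32_t fnv1a32(const unsigned char *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* The defective pattern from the advisory: request data is copied into a
   fixed buffer and the secret appended with no check that both fit. Kept
   only for comparison on in-bounds input. */
uint32_t digest_unchecked(const unsigned char *data, size_t data_len,
                          const char *secret)
{
    unsigned char buf[DIGEST_BUF_LEN];
    size_t secret_len = strlen(secret);
    memcpy(buf, data, data_len);                 /* no bound on data_len  */
    memcpy(buf + data_len, secret, secret_len);  /* no bound on the total */
    return fnv1a32(buf, data_len + secret_len);
}

/* Hardened form: verify the combined length fits before touching the
   buffer. Returns 0 and writes the digest on success, -1 if the input
   would overflow the buffer (the caller should then drop the packet). */
int digest_checked(const unsigned char *data, size_t data_len,
                   const char *secret, uint32_t *digest_out)
{
    unsigned char buf[DIGEST_BUF_LEN];
    size_t secret_len = strlen(secret);
    /* Two comparisons so data_len + secret_len itself cannot wrap. */
    if (data_len > DIGEST_BUF_LEN || secret_len > DIGEST_BUF_LEN - data_len)
        return -1;
    memcpy(buf, data, data_len);
    memcpy(buf + data_len, secret, secret_len);
    *digest_out = fnv1a32(buf, data_len + secret_len);
    return 0;
}

/* Input that exactly fills the buffer (250 + 6 = 256) must be accepted. */
int check_accepts_exact_fit(void)
{
    unsigned char data[DIGEST_BUF_LEN - 6];
    uint32_t d;
    memset(data, 'A', sizeof data);
    return digest_checked(data, sizeof data, "s3cret", &d) == 0;
}

/* One byte beyond the buffer (251 + 6 = 257) must be rejected, not copied. */
int check_rejects_overflow(void)
{
    unsigned char data[DIGEST_BUF_LEN - 5];
    uint32_t d;
    memset(data, 'A', sizeof data);
    return digest_checked(data, sizeof data, "s3cret", &d) == -1;
}

/* On in-bounds input the checked routine matches the original pattern,
   so the fix changes nothing for legitimate traffic. */
int check_same_digest_in_bounds(void)
{
    const unsigned char data[] = "User-Name=alice";  /* constructed input */
    uint32_t d;
    if (digest_checked(data, sizeof data - 1, "s3cret", &d) != 0)
        return 0;
    return d == digest_unchecked(data, sizeof data - 1, "s3cret");
}

/* The secret still influences the digest: changing its last byte changes
   the result (FNV-1a's final step is a bijection in that byte). */
int check_secret_affects_digest(void)
{
    const unsigned char data[] = "User-Name=alice";
    uint32_t d1, d2;
    digest_checked(data, sizeof data - 1, "s3cret", &d1);
    digest_checked(data, sizeof data - 1, "s3creu", &d2);
    return d1 != d2;
}

int main(void)
{
    printf("exact fit accepted:    %d\n", check_accepts_exact_fit());
    printf("overflow rejected:     %d\n", check_rejects_overflow());
    printf("same digest in bounds: %d\n", check_same_digest_in_bounds());
    printf("secret affects digest: %d\n", check_secret_affects_digest());
    return 0;
}
```

The length check is deliberately written as two comparisons rather than `data_len + secret_len > DIGEST_BUF_LEN`, because an attacker-influenced `data_len` could otherwise wrap the sum and slip past a single test; rejecting the packet is the right response, since a request whose attribute cannot fit the digest buffer is malformed regardless of who sent it.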