• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Livingston RADIUS Accounting Hostname Resolution Buffer Overflow Vulnerability

Livingston Remote Authentication Dial In User Service (RADIUS) server is the Livingston implementation of the RFC 2138 defined protocol. It is available for the Unix and Linux operating systems.

A buffer overflow in Livingston RADIUS has been discovered. Due to insufficient bounds checking in the accounting portion of the software, a buffer overflow may occur when an attempt to authenticate is made by a host with a hostname of excessive length. This could result in the execution of arbitrary code contained in a malicious hostname.