• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cistron RADIUS Remote Signed NAS-Port Number Expansion Memory Corruption Vulnerability

A remote vulnerability has been discovered in Cistron RADIUS. The problem occurs due to a design error when processing user-supplied data. As a result, an attacker may transmit a signed value which when interperted could cause memory corruption.

The vulnerability occurs due to the incorrect usage of the '%d' format specifier when calling the sprintf() function.

A remote attacker could potentially exploit this issue to seize control of the RADIUS server's execution flow. If successful, this could be leveraged to execute arbitrary code with the privileges of the user invoking the process.