IC Radius Buffer Overflow Vulnerability

ICRadius is a package that integrates a RADIUS (Remote Authentication Dial In User Service) front end with a MySQL backend.

A buffer overrun exists in the ICRadius daemon. Version 0.14 is known to be affected; earlier versions may be affected as well. The overflow stems from a call to sprintf() that formats data into a fixed-size buffer without regard to the buffer's size, so input longer than the buffer overwrites adjacent memory. A remote attacker can use this to crash the RADIUS daemon (a denial of service), and could possibly use it to execute arbitrary code on the host running the daemon.
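The flaw class described above, shown as an added C example that is not ICRadius code (the advisory does not say which routine in ICRadius contains the sprintf() call): a hypothetical request-logging routine that formats an attacker-supplied user name into a fixed 64-byte buffer with sprintf(), beside a hardened version that uses snprintf() with an explicit length check and rejects oversized input instead of truncating it. The function names, format string, buffer size and sample inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOGBUF 64   /* deliberately small fixed buffer for the illustration */
#define FMT "login from %s at NAS %s"

/* Vulnerable pattern (constructed, not ICRadius code): sprintf() writes
 * as many bytes as the format expands to. A user name longer than the
 * remaining space in `out` overruns the buffer and whatever follows it.
 * Shown only for contrast; this example never calls it with oversized input. */
int format_unsafe(char *out, const char *user, const char *nas_ip)
{
    return sprintf(out, FMT, user, nas_ip);
}

/* Hardened pattern: snprintf() bounds the write to outsz bytes and returns
 * the length the full string would have had. A return of >= outsz means the
 * input did not fit; refuse it rather than silently logging a truncated line. */
int format_safe(char *out, size_t outsz, const char *user, const char *nas_ip)
{
    int n = snprintf(out, outsz, FMT, user, nas_ip);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;   /* caller should drop or reject the request */
    }
    return n;
}

/* Bytes the formatted line would need, including the terminating NUL. */
size_t needed_len(const char *user, const char *nas_ip)
{
    return (size_t)snprintf(NULL, 0, FMT, user, nas_ip) + 1;
}

/* Build a constructed user name of `user_len` 'A' characters (capped at 1023),
 * format it into a LOGBUF-sized buffer with format_safe(), and return the
 * result: the formatted length on success, -1 if the input was refused. */
int try_format_user_len(size_t user_len)
{
    char user[1024];
    char buf[LOGBUF];
    const char *nas = "10.0.0.1";   /* constructed sample NAS address */

    if (user_len > sizeof user - 1)
        user_len = sizeof user - 1;
    memset(user, 'A', user_len);
    user[user_len] = '\0';
    return format_safe(buf, sizeof buf, user, nas);
}

int main(void)
{
    char buf[LOGBUF];
    const char *nas = "10.0.0.1";

    /* A short, well-behaved name fits either way. */
    printf("\"alice\" needs %zu bytes; buffer is %d\n", needed_len("alice", nas), LOGBUF);
    format_unsafe(buf, "alice", nas);
    printf("unsafe ok for short input: %s\n", buf);

    /* The boundary: with an 8-byte NAS string, 36 A's fill the buffer exactly
     * (63 chars + NUL); 37 A's would overflow it with sprintf(). */
    printf("36 A's -> %d\n", try_format_user_len(36));
    printf("37 A's -> %d (rejected)\n", try_format_user_len(37));
    printf("199 A's -> %d (rejected)\n", try_format_user_len(199));
    return 0;
}
```

The key check is the comparison against outsz after snprintf(): snprintf() alone prevents the write from overrunning the buffer, but only the length test tells the caller that the input was hostile or malformed, which is what a network daemon should act on.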


