FreeRADIUS Multiple Remote Vulnerabilities

FreeRADIUS is susceptible to multiple remote vulnerabilities:

- Memory-handling vulnerabilities. These issues may allow remote attackers to crash affected services or possibly execute arbitrary machine code in the context of the vulnerable application.

- File descriptor leak. Attackers may exploit this to gain access to files that they may not normally have access to.

- The LDAP module contains a flaw whereby attacker-specified data may be passed on to the configured LDAP database without proper input sanitization.

These issues are all reported to affect version 1.0.4 of FreeRADIUS; previous versions are also likely vulnerable to one or more of these issues.

Update: The vendor has posted a response to these issues. Please see "Response to Suse Audit Report on FreeRADIUS" for further details.


 

Copyright 2010, SecurityFocus