FreeRADIUS Multiple Remote Vulnerabilities
FreeRADIUS is susceptible to multiple remote vulnerabilities:
- Memory-handling vulnerabilities. These issues may allow remote attackers to crash affected services or possibly execute arbitrary machine code in the context of the vulnerable application.
- File descriptor leak. Attackers may exploit this to gain access to files that they would not normally be able to access.
- The LDAP module contains a flaw whereby attacker-specified data may be passed on to the configured LDAP database without proper input sanitization.
These issues are all reported to affect version 1.0.4 of FreeRADIUS; previous versions are also likely vulnerable to one or more of these issues.
Update: The vendor has posted a response to these issues. Please see "Response to Suse Audit Report on FreeRADIUS" for further details.