Merit RADIUS Buffer Overflow Vulnerability

The Merit RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources.

Numerous buffer overflows have been discovered in the package that could allow a user to exploit the radius daemon. By default, the radius daemon runs as root (UID 0). A remote user may be able to overwrite stack variables, including the return address.

This makes it possible for a remote user to execute arbitrary code, and potentially gain local root access.


 

Copyright 2010, SecurityFocus