Lucent RADIUS Format String Vulnerability

The Lucent RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources. The package is no longer maintained by Lucent, and is public domain.

A problem with the software package makes it possible for remote users to execute arbitrary code. The package contains numerous format string vulnerabilities, which may allow an attacker to use format specifiers to write almost arbitrary values to an almost arbitrary location in memory.


Privacy Statement
Copyright 2010, SecurityFocus