Multiple Vendor RADIUS Digest Calculation Buffer Overflow Vulnerability

A vulnerability has been discovered in multiple RADIUS implementations.

Affected products contain a buffer overflow error in a function used to calculate a message digest. This is due to insufficient bounds checking on a string that is concatenated with shared secret data.

Successful exploitation will most likely result in a denial of service.

If the shared secret is known to the attacker, this condition may potentially be exploited to execute arbitrary attacker-supplied instructions with the privileges of the RADIUS server or client(in most cases root privileges).

It has been reported that in some cases, it may be possible for a remote attacker to execute arbitrary instructions without having knowledge of the shared secret. This is allegedly the case with the GNU Radius and Cistron Radius implementations.


Privacy Statement
Copyright 2010, SecurityFocus