Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
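
The weakness described above, as an added C example that is not taken from the YARD RADIUS source: `log_line`, `log_user_unsafe`, `log_user_safe` and `logged_verbatim` are hypothetical names, and the request field is constructed. It shows that a field passed as the format string is parsed (`%%` collapses to `%`), while the constant `"%s"` form logs it byte for byte.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical variadic logger standing in for a log_msg-style wrapper.
 * It writes into a caller buffer so the result can be inspected. */
static int log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Flawed caller: the request field becomes the format string (CWE-134). */
static int log_user_unsafe(char *out, size_t n, const char *user)
{
    return log_line(out, n, user);
}

/* Fixed caller: constant format, request field passed only as data. */
static int log_user_safe(char *out, size_t n, const char *user)
{
    return log_line(out, n, "%s", user);
}

/* Returns 1 if the logged text equals the input byte for byte. */
static int logged_verbatim(int (*fn)(char *, size_t, const char *),
                           const char *user)
{
    char buf[128];
    fn(buf, sizeof buf, user);
    return strcmp(buf, user) == 0;
}

int main(void)
{
    /* Constructed input. "%%" consumes no argument, so the flawed path is
     * still well defined here, yet the output shows the field was parsed. */
    const char *field = "alice%%admin";
    printf("unsafe verbatim: %d\n", logged_verbatim(log_user_unsafe, field));
    printf("safe verbatim:   %d\n", logged_verbatim(log_user_safe, field));
    return 0;
}
```

Declaring the logger with GCC or Clang's `__attribute__((format(printf, 3, 4)))` lets `-Wformat-security` flag the `log_user_unsafe` call at compile time.
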
Name | Vendor | Start Version | End Version |
---|---|---|---|
Yard_radius | Yard_radius_project | 1.1.2-4 (including) | 1.1.2-4 (including) |
Yardradius | Ubuntu | lucid | * |
Yardradius | Ubuntu | precise | * |
Yardradius | Ubuntu | quantal | * |
Yardradius | Ubuntu | raring | * |
Yardradius | Ubuntu | saucy | * |
Yardradius | Ubuntu | trusty | * |
Yardradius | Ubuntu | upstream | * |