Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Yard_radius | Yard_radius_project | 1.1.2-4 (including) | 1.1.2-4 (including) |
| Yardradius | Ubuntu | lucid | * |
| Yardradius | Ubuntu | precise | * |
| Yardradius | Ubuntu | quantal | * |
| Yardradius | Ubuntu | raring | * |
| Yardradius | Ubuntu | saucy | * |
| Yardradius | Ubuntu | trusty | * |
| Yardradius | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612
- http://cxsecurity.com/issue/WLB-2013070028
- http://osvdb.org/95518
- http://seclists.org/oss-sec/2013/q3/145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85892
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612
- http://cxsecurity.com/issue/WLB-2013070028
- http://osvdb.org/95518
- http://seclists.org/oss-sec/2013/q3/145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85892