Bugtraq mailing list archives
FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution
From: sapheal () hack pl
Date: Tue, 2 Jan 2007 13:10:50 +0100
Synopsis: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution Product: FreeRadius Version: <=1.1.3 Issue: ====== A critical security vulnerability has been found in FreeRadius 1.1.3. Arbitrary code execution is possible due to improper bounds-checking. Details: ======== Function of the prototype: SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, char *server, char *NTdomain) when initializing (con->desthost) where con is SMB_Handle_Type class object does not check for bounds. Affected Versions ================= FreeRadius <=1.1.3 Kind regards, Michal Bucko (sapheal) hack.pl
Current thread:
- FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution sapheal (Jan 02)