CVE-2007-0080: Buffer Overflow
First published: Fri Jan 05 2007(Updated: )
** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeRADIUS FreeRADIUS | <=1.1.3 | |
| FreeRADIUS | <=1.1.3 | |
| <=1.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/455812/100/0/threaded
- http://securitytracker.com/id?1017463
- http://www.freeradius.org/security.html
- http://www.attrition.org/pipermail/vim/2007-February/001304.html
- http://osvdb.org/32082
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31248
- http://www.securityfocus.com/archive/1/455678/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-0080?
The severity of CVE-2007-0080 has been disputed, and its actual impact may vary depending on specific configurations and usage.
How do I fix CVE-2007-0080?
To fix CVE-2007-0080, upgrade to FreeRADIUS version 1.1.4 or later, which contains patches for this vulnerability.
Which versions of FreeRADIUS are affected by CVE-2007-0080?
CVE-2007-0080 affects FreeRADIUS versions 1.1.3 and earlier.
What type of vulnerability is CVE-2007-0080?
CVE-2007-0080 is categorized as a buffer overflow vulnerability.
Can CVE-2007-0080 allow remote code execution?
Yes, CVE-2007-0080 could potentially allow attackers to execute arbitrary code due to a buffer overflow condition.
- agent/author
- agent/type
- agent/references
- agent/severity
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/weakness
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/freeradius
- canonical/freeradius freeradius
- version/freeradius freeradius/1.1.3
- status/disputed
- canonical/freeradius
- version/freeradius/1.1.3