CVE-2007-0080: Buffer Overflow
First published: Fri Jan 05 2007(Updated: )
** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freeradius Freeradius | <=1.1.3 | |
| <=1.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/455812/100/0/threaded
- http://securitytracker.com/id?1017463
- http://www.freeradius.org/security.html
- http://www.attrition.org/pipermail/vim/2007-February/001304.html
- http://osvdb.org/32082
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31248
- http://www.securityfocus.com/archive/1/455678/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/status
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/freeradius
- canonical/freeradius freeradius
- version/freeradius freeradius/1.1.3
- status/disputed