An attacker must supply valid RADIUS server administrator authentication credentials in order to exploit this vulnerability.
It should be noted: "If an attacker can access open FD's in the executed program, they can write to any program on the system, in which case there are very many other, and worse, things that they can do."
Upgrade to version 1.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Vendor Specific News/Changelog Entry: http://www.freeradius.org/security/20050909-response-to-suse.txt Vendor Specific Advisory URL Related OSVDB ID: 19327 Related OSVDB ID: 19326 Related OSVDB ID: 19328 Related OSVDB ID: 19330