SuseSUSE-SA:2002:013remote command execution in radiusd-cistron
0.037 Low
EPSS
Percentile
90.7%
The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and therefore considered a security critical application. ZARAZA reported security releated bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Beside the cistron radius package the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. The only workaround for this bug is to disable the radius-server until the new packages have been installed.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.3 | i386 | radiusd-cistron | < 1.6.4-168 | radiusd-cistron-1.6.4-168.i386.rpm |
| openSUSE | 7.1 | sparc | radiusd-cistron | < 1.6.4-65 | radiusd-cistron-1.6.4-65.sparc.rpm |
| openSUSE | 7.1 | alpha | radiusd-cistron | < 1.6.4-69 | radiusd-cistron-1.6.4-69.alpha.rpm |
| openSUSE | 7.1 | ppc | radiusd-cistron | < 1.6.4-95 | radiusd-cistron-1.6.4-95.ppc.rpm |
| openSUSE | 7.0 | sparc | cistron | < 1.6.3-4 | cistron-1.6.3-4.sparc.rpm |
| openSUSE | 7.3 | ppc | radiusd-cistron | < 1.6.4-95 | radiusd-cistron-1.6.4-95.ppc.rpm |
| openSUSE | 7.0 | ppc | cistron | < 1.6.3-85 | cistron-1.6.3-85.ppc.rpm |
| openSUSE | 6.4 | i386 | cistron | < 1.6.2-25 | cistron-1.6.2-25.i386.rpm |
| openSUSE | 6.4 | ppc | cistron | < 1.6.2-21 | cistron-1.6.2-21.ppc.rpm |
| openSUSE | 7.3 | sparc | radiusd-cistron | < 1.6.4-65 | radiusd-cistron-1.6.4-65.sparc.rpm |
