FreeRADIUS SMB_Connect_Server() buffer overflow
freeradius-smbconnectserver-bo (31248)
Description:
FreeRADIUS is vulnerable to a buffer overflow, caused by improper bounds checking by the SMB_Connect_Server() function of the SMB_Handle_Type class. A user with local administrative privileges can update the configuration file to overflow a buffer when the server starts. This can only be exploited by users who have write access to the server configuration files.
*CVSS:
| Base Score: | 2.9 |
| Access Vector: | Local |
| Access Complexity: | Low |
| Authentication: | Required |
| Confidentiality Impact: | Partial |
| Integrity Impact: | Partial |
| Availability Impact: | Partial |
| Temporal Score: | 2.3 |
| Exploitability: | Unproven |
| Remediation Level: | Unavailable |
| Report Confidence: | Uncorroborated |
Consequences:
Gain Privileges
Remedy:
No remedy available as of May 1, 2013.
References:
- BugTraq Mailing List, Tue Jan 02 2007 - 06:10:50 CST : FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution.
- FreeRADIUS Mailing List, Mon Jan 29 12:49:55 CET 2007: freeradius-smbconnectserver-bo (31248) feedback.
- CVE-2007-0080: ** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited only to local administrators who have write access to the server configuration files. CVE concurs with the dispute.
- OSVDB ID: 32082: FreeRADIUS SMB_Connect_Server Function SMB_Handle_Type Instance Remote Overflow
- SECTRACK ID: 1017463: [Vendor Disputes Security Impact] FreeRADIUS Buffer Overflow in SMB_Connect_Server() Function Lets Local Users Execute Arbitrary Code
Platforms Affected:
- FreeRADIUS FreeRADIUS 1.1.3
Reported:
Jan 02, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
