What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-03
- - ---------------------------------------------------------------------

          PACKAGE : cistonradius
          SUMMARY : buffer overflow
             DATE : 2003-07-11 13:57 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : =cistronradius-1.6.6-r1
              CVE : CAN-2003-0450

- - ---------------------------------------------------------------------

quote from CVE:
"Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large value in an NAS-Port attribute, which is interpreted
as a negative number and causes a buffer overflow."

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-dialup/cistronradius upgrade to cistronradius-1.6.6-r1 as follows

emerge sync
emerge cistronradius
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Gentoo: cistronradius Buffer overflow vulnerability

Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remoteattackers to cause a denial of service and possibly execute arbitrarycode via a large value in an NAS-Port at...

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-03
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

quote from CVE:
"Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large value in an NAS-Port attribute, which is interpreted
as a negative number and causes a buffer overflow."

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-dialup/cistronradius upgrade to cistronradius-1.6.6-r1 as follows

emerge sync
emerge cistronradius
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Resolution

References

Availability

Concerns

Severity
PACKAGE : cistonradius
SUMMARY : buffer overflow
DATE : 2003-07-11 13:57 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =cistronradius-1.6.6-r1
CVE : CAN-2003-0450

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

The Present & Future of Kernel Security: Linux's Unique Method for Securing Code

Dec 8, 2023

Pros And Cons Of Linux Programming

Oct 1, 2023

Linux Malware! Read This If You Use Free Download Manager

Sep 13, 2023

Mitigations for Important Vim Code Execution, DoS Vulns Released

Aug 31, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo