Title: Merit RADIUS Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
The Merit RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources.
A problem with the software package makes it possible for remote users to execute arbitrary code. In the event that this vulnerability is exploited, a remote user can gain local access to the system. The daemon, by default, runs as root, which also may allow a remote user to gain local administrative privileges.
Multiple buffer overflows within the Merit RADIUS package may be taken advantage of to aid in the compromising of a remote system. Due to insufficient sanity checking of user supplied data in various components of the package such as the logging functions of the radius daemon, it is possible for a remote user to create a buffer overflow, which could result in the overwriting of variables on the stack, including the return address.
The use of an inherently insecure function within authenticate.c and funcs.c make possible the exploitation of numerous buffer overflows.
The strcpy() function is used frequently which performs unbounded copies of one string to another.
This function can be exploited to cause a buffer overflow, and code execution.
Affected Products:
- Merit RADIUS 3.6.0B
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
