Description
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
Affected products
- gnu / radius1.2 – 1.2
- gnu / radius1.3 – 1.3
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/23087
- MISChttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443
- MISChttp://security.gentoo.org/glsa/glsa-200612-17.xml
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/4712
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/30508
- MISChttp://www.securityfocus.com/bid/21303
- MISChttp://securitytracker.com/id?1017285