Some vulnerabilities have been reported in FreeRADIUS, which potentially can be exploited by malicious people to disclose certain sensitive information or cause a DoS (Denial of Service).

1) A boundary error in the handling of environment variables in the "radius_exec_program()" function in exec.c can potentially cause a stack-based buffer overflow and crash the system.

2) Off-by-one errors in token.c and sql_unixodbc.c can potentially cause a crash.

3) A boundary error in xlat.c when handling replies from the server may overflow a variable on the stack.

4) An error in validating the results of the "strftime()" function call in xlat.c can cause a memory leak of 40 bytes from the stack.

5) An error in escaping ldap data in rlm_ldap.c may disclose certain ldap data via a malformed query.

The vulnerabilities affect version 1.0.4. Prior versions may also be affected.

Solution
Update to version 1.0.5.
Further details available in Customer Area

Provided and/or discovered by
Reported by vendor.

Changelog
Further details available in Customer Area

Original Advisory
Red Hat:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167677

Deep Links
Links available in Customer Area