-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please update your database with the following vendor statement re: the FreeRADIUS SMB_Connect_Server issue. - -- Official Vendor Statement from the FreeRADIUS Server project This issue is not a security vulnerability. The exploit is available only to local administrators who have write access to the server configuration files. As such, this issue has no security impact on any system running FreeRADIUS. - -- Official Vendor Statement from the FreeRADIUS Server project The current "Description" is, in fact, nonsensical:
By sending a specially-crafted SMB request containing a malformed Con_Handle parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system.
"Con_Handle" is a data structure inside of the server, and is therefore never sent in a SMB request. The issue is not remotely exploitable, and we are curious as to how ISS arrived at the above text. The original notification did not state that the problem was remotely exploitable. We suggest the following text for the Description, Remedy, and Consequences sections: - -- Description FreeRADIUS is vulnerable to a buffer overflow, caused by improper bounds checking by the SMB_Connect_Server() function of the SMB_Handle_Type class. Local administrators can update the configuration file to overflow a buffer when the server starts. This issue cannot be exploited remotely, and can only be exploited by users who have write access to the server configuration files. - -- Description: - -- Remedy: Administrators should ensure that unauthorized users do not have write access to the server configuration files. - -- Remedy: - -- Consequences: None. - -- Consequences: This issue is not a real vulnerability, and we therefore request that you update your database to indicate that. Alan DeKok. Project Leader The FreeRADIUS Server Project -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRb3fY6kul4vkAkl9AQJtUQQAhOLB4VO3zwNBdPKqTbdTTAA+kgFW66ew NRd1I8pZah0aUUeVCX/+fNC6E6HuWjs93oyJ/Rqi4acK/5EEVxLubMmsQnIDd9+i XFdXIsZSz+e2n8Kc1hxIcgNTnc3ZXretUeIOBxUGngcVLwmTtfGGfK/uZVjw4iHV PGOKIEeG5cQ= =TkSw -----END PGP SIGNATURE-----