SecurityTracker Alert ID 1017463
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityTracker Alert ID 1017463 was recently brought to our attention. Our official statement about this issue is: - -- Official Vendor Statement from the FreeRADIUS Server project This issue is not a security vulnerability. The exploit is available only to local administrators who have write access to the server configuration files. As such, this issue has no security impact on any system running FreeRADIUS. - -- Official Vendor Statement from the FreeRADIUS Server project Please update the title and impact fields to indicate that the issue is NOT remotely exploitable. The "solution" is simple: ensure that only authorized users have write access to the server configuration files. We are curious as to why the issue is labelled "remote execution of code". The original notification did not claim that the issue was vulnerable to remote exploit. If you have any additional data that causes you to believe it is remotely exploitable, that information should be supplied to us so we can fix the problem. Barring additional data, we believe that the issue is non-existent, and has no security impact on any system running FreeRADIUS. Alan DeKok Project Leader The FreeRADIUS Server Project -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRb3g+6kul4vkAkl9AQL59QP/TO4aw3BpNkr3k3/lFqh2jYCymjEPjC1T GsVrW3ptuzDqO/JJ9lMWZYVPOjVWcfYWSPJg7COj+cHgDV331wC2feGeeWkgb3lG SbmX/wv9I+rSTSe3xkTtQL8Fe3tdtNbAaeIIeYx9AhB4c8rv+vO6GKFIXkaEdUq+ 7VoUZqykEbk= =OnAE -----END PGP SIGNATURE-----
participants (1)
-
Alan DeKok