-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-0080 was recently brought to our attention. Please find our official response below. In short, the response of 3APA3A is correct. (i.e. http://www.securityfocus.com/archive/1/455812/100/0/threaded) We believe that the correct CVSS base score metrics are as follows: http://nvd.nist.gov/cvss.cfm?name=CVE-2007-0080&vector=(AV:L/AC:L/Au:R/C:N/I...) The issue is NOT remotely exploitable. The attack complexity is low (editing a configuration file). Only authenticated administrators on the local machine can cause this issue. There is no confidentiality impact, as the administrator already has complete access to the local system. There is no integrity or availability impact, because exploiting the issue is done by the local administrator who runs code he is permitted to run, with a privilege level he is permitted to use. Please update the CVE listing with the above CVSS base score. For publication on the web site, our official statement is: - -- Official Vendor Statement from the FreeRADIUS Server project This issue is not a security vulnerability. The exploit is available only to local administrators who have write access to the server configuration files. As such, this issue has no security impact on any system running FreeRADIUS. - -- Official Vendor Statement from the FreeRADIUS Server project Please also update the Overview, with the following suggested text: - -- Overview A buffer overflow in the SMB_Connect_Server function in FreeRADIUS 1.1.4 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. This issue can not be exploited remotely, and can only be exploited by administrators who have write access to the server configuration files. - -- Overview As additional information, the originator of the issue did not contact us for an official vendor statement, and did not respond to our attempts to discuss this issue. Our security contact is clearly available on the web site (http://freeradius.org/security.html), and includes a PGP key for authentication confidentiality. We suggest anyone who believes they find an issue in FreeRADIUS contact us before making the issue public. Alan DeKok Project Leader The FreeRADIUS Server Project -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRb3Seakul4vkAkl9AQLH2gP/Uvi+92B5me9E/nq6tlG58RrlNfsQoRHG E6Kilk/9CACjOHRLk02dLo9eVN9kZYCZ8eOL8ki9Mfx7hRfFFWPmrWQ41w71wegO n85oOooXdH5O8gu/5siu3RlsBkHKfNo72ywMz8xJGbKHUlDcFhoZWNqZOGVIjDW6 TH/oa8nmnYo= =/Jg6 -----END PGP SIGNATURE-----
participants (1)
-
Alan DeKok