This vulnerability was announced in an ISS X-Force Security Advisory on July 5, 2001.
Simon Horms RADIUS 2.1 -2
The Lucent RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources. The package is no longer maintained by Lucent, and is in the public domain.
Numerous buffer overflows have been discovered in the package, which could allow a user to exploit the radius daemon. The radius daemon by default runs as UID root. A remote user may be able to overwrite stack variables, including the return address.
This makes it possible for a remote user to execute arbitrary code, and potentially gain local root access.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.