Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
This vulnerability was announced in an ISS X-Force Security Advisory on July 5, 2001.
Simon Horms RADIUS 2.1 -2
The Lucent RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources. The package is no longer maintained by Lucent, and is public domain.
A problem with the software package makes it possible for remote users to execute arbitrary code. The package contains numerous format string vulnerabilities, which may allow an attacker to use format specifiers to write almost arbitrary values to an almost arbitrary location in memory.
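The coding pattern behind this class of bug, next to its fix, as an added example that is not code from the Lucent RADIUS source or from the advisory. The names `log_write`, `log_vulnerable`, `log_safe` and `count_percent`, the message text and the sample user name are all hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_MAX 256

/* Hypothetical printf-style log sink, writing to a buffer instead of a file. */
int log_write(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: a message that embeds client-supplied text is passed
 * to the log sink as the format string, so it is parsed a second time. */
int log_vulnerable(char *out, size_t outlen, const char *user)
{
    char msg[LOG_MAX];
    snprintf(msg, sizeof msg, "auth failed for user %s", user);
    return log_write(out, outlen, msg);      /* BUG: msg used as format */
}

/* Hardened pattern: the format is a constant; untrusted text is only data. */
int log_safe(char *out, size_t outlen, const char *user)
{
    return log_write(out, outlen, "auth failed for user %s", user);
}

/* Detection aid: count '%' in an untrusted field so it can be flagged. */
int count_percent(const char *field)
{
    int n = 0;
    for (; *field; field++)
        n += (*field == '%');
    return n;
}

int main(void)
{
    /* Constructed input. "%%" is the only directive used because it consumes
     * no argument, which keeps the vulnerable call well defined here. */
    const char *user = "bob%%admin";
    char a[LOG_MAX], b[LOG_MAX];
    log_vulnerable(a, sizeof a, user);
    log_safe(b, sizeof b, user);
    printf("vulnerable: %s\nsafe:       %s\n", a, b);
    return 0;
}
```

The vulnerable path rewrites the user name because it was interpreted as a format, while the safe path logs it byte for byte. Declaring the sink with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and building with `-Wformat-security` makes the compiler flag the vulnerable call.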
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.