Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-4147

Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.

Related bugs and status

CVE-2013-4147 (Candidate) is related to these bugs:

Bug #1196265: Multiple Format String Vulnerabilities in yardradius

Summary				In	Importance	Status
	1196265	Multiple Format String Vulnerabilities in yardradius		yardradius (Ubuntu)	Medium	Confirmed
	1196265	Multiple Format String Vulnerabilities in yardradius		yardradius (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013071...
MISC: http://cxsecurity.com/...
CONFIRM: http://bugs.debian.org...
OSVDB: 95518
XF: yardradius-log-version...