SuSE: radiusd-cistron denial of service vulnerability
Summary
______________________________________________________________________________
SuSE Security Announcement
Package: radiusd-cistron
Announcement-ID: SuSE-SA:2003:030
Date: Friday, Jun 13th 2003 09:32 MET
Affected products: 7.2, 7.3, 8.0
Vulnerability Type: possible remote system compromise
SuSE default package: no
Cross References:
?bug=196063
Content of this advisory:
1) security vulnerability resolved: handling too large NAS numbers
   problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- lprng
- frox
- poster
- ghostscript-library
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The package radiusd-cistron is an implementation of the RADIUS protocol.
Unfortunately the RADIUS server does not handle overly large NAS numbers
correctly. This leads to internal memory of the server process being
overwritten and may be abused to gain remote access to the system the
RADIUS server is running on.
There is no temporary workaround known.
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are offered for installation from the maintenance web.
Please note, missing packages will be published as soon as possible.
Intel i386 Platform:
SuSE-8.0:
e61fb299edfb092f24b3e455256cf262
patch rpm(s):
d323307d4bc4c0e4dc0bcef3f848b91f
source rpm(s):
fc7718319972625612292798092d9a8b
SuSE-7.3:
ee949e18ef02e87dffc4b5ea8d5d5ec5
source rpm(s):
f4f87aab549967c0d4c216c8d2e312a1
SuSE-7.2:
e5a20985f79c887739ce0b83539c347b
source rpm(s):
f5f73b9e9c3e5d338bfddd1a6b2b14d8
Sparc Platform:
SuSE-7.3:
7318cc63ec3c29618b81ae6c8eb29fc8
source rpm(s):
0212fba5fd8d4ff3e9afe4a8a8802655
PPC Power PC Platform:
SuSE-7.3:
30f9920f2a8d2db0e8eb2a0439d61118
source rpm(s):
8133911f08442832c383000cb65e70ca
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- lprng
A race condition in psbanner was fixed that can be abused by local
users to overwrite files owned by daemon:lp.
New packages are available on our FTP servers.
- frox
The init script of frox handled temporary files in an insecure manner.
This behavior can be exploited by local users.
New packages are available on our FTP servers.
- poster
A possible buffer overflow due to usage of gets() was fixed which could
have been exploited by malicious input data to execute code under the
user id of the user running poster.
New packages are available on our FTP servers.
- ghostscript-library
Malicious PostScript[tm] files could execute shell commands
even if the ghostscript interpreter was invoked with the -dSAFER
flag.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum