YardRadius – Multiple Local Format String Vulnerabilities

• Exploit Database
• 37 阅读

• 作者： Hamid Zamani
  日期： 2013-06-30
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/38672/

• source: https://www.securityfocus.com/bid/61356/info
  
  YardRadius is prone to multiple local format-string vulnerabilities.
  
  Local attackers can leverage these issues to cause denial-of-service conditions. Due to nature of these issues, arbitrary code-execution within the context of the vulnerable application may also be possible.
  
  YardRadius 1.1.2-4 is vulnerable; other versions may also be possible.
  
  The following proof-of-concept is available:
  
  ln -s radiusd %x
  
  ./%x -v