VULHUB ™

The Merit RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources. Numerous buffer overflows have been discovered in the package, which could allow a user to exploit the radius daemon. The radius daemon by default runs as UID root. A remote user may be able to overwrite stack variables, including the return address. This makes it possible for a remote user to execute arbitrary code, and potentially gain local root access.

The Merit RADIUS implementation is a user authentication software package designed to offer enhanced security services to users needing remote access to various resources. Numerous buffer overflows have been discovered in the package, which could allow a user to exploit the radius daemon. The radius daemon by default runs as UID root. A remote user may be able to overwrite stack variables, including the return address. This makes it possible for a remote user to execute arbitrary code, and potentially gain local root access.