[VIM] FreeRADIUS dispute of CVE-2007-0080

Steven M. Christey coley at mitre.org
Sun Feb 11 02:36:51 EST 2007


Received this via email.

http://www.freeradius.org/security.html

"2007.01.02 - SMB_Handle_Type SMB_Connect_Server. While the summary is
superficially correct, and there is a stack overflow in rlm_smb, the
issue is less problematic than it sounds...  In summary, the issue is
not remotely exploitable. It is exploitable by local administrators
who have write access to the server configuration files. If an
attacker can write to the server configuration files, they can
configure the server to run arbitrary programs. Exploiting the server
via a stack overflow would be unnecessary."

The vendor mentions that some VDBs haven't updated their records yet.

- Steve

