Synopsis: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution Product: FreeRadius Version: <=1.1.3 Issue: ====== A critical security vulnerability has been found in FreeRadius 1.1.3. Arbitrary code execution is possible due to improper bounds-checking. Details: ======== Function of the prototype: SMB_Handle_Type SMB_Connect_Server(SMB_Handle_Type Con_Handle, char *server, char *NTdomain) when initializing (con->desthost) where con is SMB_Handle_Type class object does not check for bounds. Affected Versions ================= FreeRadius <=1.1.3 Kind regards, Michal Bucko (sapheal) hack.pl
