GNU.Radius.SQL.Accounting.Format.String

description-logoDescription

This indicates an attack attempt against a format string vulnerability in GNU Radius suite.
The vulnerability is caused by insufficient validation in the sqllog() function. By sending a specially crafted request message, a remote attacker could execute arbitrary code on a vulnerable system.

affected-products-logoAffected Products

GNU Radius versions 1.2 and 1.3; other versions may also be affected.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrades or patches from the vendor:
http://www.gnu.org/software/radius/#downloading.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)