CVE-2007-0080

Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute

Published: Jan 5, 2007
Updated: Nov 8, 2023
CVE: CVE-2007-0080
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
freeradius / freeradius	-	1.1.3.x

http://osvdb.org/32082
http://securitytracker.com/id?1017463
http://www.attrition.org/pipermail/vim/2007-February/001304.html
http://www.freeradius.org/security.html
http://www.securityfocus.com/archive/1/455678/100/0/threaded
http://www.securityfocus.com/archive/1/455812/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/31248

Vulnerability Database

289,697

CVE-2007-0080