Security Information / 2013 / Security Information -- DSA-2726-1 php-radius

Debian Security Advisory

DSA-2726-1 php-radius -- buffer overflow

Date Reported:

25 Jul 2013

Affected Packages:

php-radius

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 714362.
In Mitre's CVE dictionary: CVE-2013-2220.

More information:

A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.

For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.5-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.5-2.3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 1.2.5-2.4.

We recommend that you upgrade your php-radius packages.