CVE-2013-4147

YARD RADIUS 1.1.2 - Format String Vulnerability in Log and Version Functions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4147. PoCs published by Hamid Zamani.

AI-analyzed exploit summary This exploit leverages a local format-string vulnerability in YardRadius by creating a symbolic link with a format specifier (%x) and executing the binary. This can lead to denial-of-service or potential arbitrary code execution.

Description

Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hamid Zamani · textlocalwindows

https://www.exploit-db.com/exploits/38672

View Code ZIP pw:eip

This exploit leverages a local format-string vulnerability in YardRadius by creating a symbolic link with a format specifier (%x) and executing the binary. This can lead to denial-of-service or potential arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: YardRadius 1.1.2-4

No auth needed

Prerequisites: Local access to the system · Presence of YardRadius binary

MITRE ATT&CK