CVE-2013-4147

Name of the Vulnerable Software and Affected Versions YARD RADIUS version 1.1.2

Description The issue concerns multiple format string vulnerabilities that allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code. This is achieved through format string specifiers in a request, specifically in the log msg function in log.c, or the version or build version function in version.c.

Recommendations For YARD RADIUS version 1.1.2, consider disabling the log msg function in log.c, as well as the version and build version functions in version.c, until a patch is available to prevent potential exploitation. Restrict access to these functions to minimize the risk of a denial of service or arbitrary code execution.