##############################################################################
#
#  GNU Radius sqllog() Format String Vulnerability
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/11/29
#
#  $Revision: 1.1 $
#
#  $Log: os2a_gnu_radius_fmt_str_604101.nasl,v $
#  Revision 1.1  2006/12/01 13:42:11  shraddha
#  To Production Issue #3341
#
#
#  Revision 1.1  2006/11/29 07:12:29  karun
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################


if(description)
{
 script_id(604101);
 script_bugtraq_id(21303);
 script_cve_id("CVE-2006-4181");
 script_copyright(english:"Copyright (C) 2006 OS2A");
 script_version("$Revision: 1.1 $");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Misc.");
 script_name(english:"GNU Radius sqllog() Format String Vulnerability");
 script_summary(english:"Check for the vulnerable version of GNU Radius");
 desc["english"] = "
 Overview : This host has GNU Radius installed, which is prone to format string
 vulnerability.
 
 The vulnerability is caused due to a format string error within the sqllog()
 function and can be exploited by sending specially crafted strings containing
 format specifiers.

 Exploitation requires that GNU Radius is compiled with SQL support and SQL
 accounting is enabled.

 Impact : Successful exploitation allows execution of arbitrary code.

 Scope of impact is limited to system level.

 Affected Software : GNU Radius 1.3 and prior.

 Affected Platform : Linux (any).

 Solution : Update to version 1.4,
            http://www.gnu.org/software/radius/radius.html

 References : 
 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443

 CVSS Score :
	CVSS Base Score     : 5.6 (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
	CVSS Temporal Score : 4.1
 Risk factor : Medium";
 script_description(english:desc["english"]);
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/uname");
 exit(0);
}


 include("ssh_func.inc");
 include("os2a_misc_func.inc");

 if("Linux" >!< get_kb_item("Host/uname")){
        exit(0);
 }

 flag = os2a_check_ver_by_ssh_cmd_exec(
		cmd:"radiusd -V", timeout:120,
                pattern:"GNU Radius version (0\..*|1\.[0-3](\..*)?)[^.0-9]");
 if(flag == 1){
 	security_warning(0);
 }