Vulnerabilites related to gnu - radius
cve-2001-1376
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisory, x_refsource_REDHAT | |
| http://online.securityfocus.com/archive/1/239784 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7534 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/589523 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/3530 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1376",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0576
Vulnerability from cvelistv5
Published
2004-06-30 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=110&type=vulnerabilities | x_refsource_MISC | |
| http://marc.info/?l=full-disclosure&m=108785242716726&w=2 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16466 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=110\u0026type=vulnerabilities"
},
{
"name": "20040621 [Full-Disclosure] iDEFENSE Security Advisory 06.21.04 - GNU Radius SNMP Invalid OID Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=108785242716726\u0026w=2"
},
{
"name": "radius-snmp-oid-dos(16466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/application/poi/display?id=110\u0026type=vulnerabilities"
},
{
"name": "20040621 [Full-Disclosure] iDEFENSE Security Advisory 06.21.04 - GNU Radius SNMP Invalid OID Denial of Service Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=108785242716726\u0026w=2"
},
{
"name": "radius-snmp-oid-dos(16466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.idefense.com/application/poi/display?id=110\u0026type=vulnerabilities",
"refsource": "MISC",
"url": "http://www.idefense.com/application/poi/display?id=110\u0026type=vulnerabilities"
},
{
"name": "20040621 [Full-Disclosure] iDEFENSE Security Advisory 06.21.04 - GNU Radius SNMP Invalid OID Denial of Service Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=108785242716726\u0026w=2"
},
{
"name": "radius-snmp-oid-dos(16466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0576",
"datePublished": "2004-06-30T04:00:00",
"dateReserved": "2004-06-17T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0849
Vulnerability from cvelistv5
Published
2004-09-17 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17391 | vdb-entry, x_refsource_XF | |
| http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Info-gnu-radius] 20040915 GNU Radius 1.2.94.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html"
},
{
"name": "radius-asndecodestring-bo(17391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17391"
},
{
"name": "20040915 GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Info-gnu-radius] 20040915 GNU Radius 1.2.94.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html"
},
{
"name": "radius-asndecodestring-bo(17391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17391"
},
{
"name": "20040915 GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Info-gnu-radius] 20040915 GNU Radius 1.2.94.",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html"
},
{
"name": "radius-asndecodestring-bo(17391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17391"
},
{
"name": "20040915 GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0849",
"datePublished": "2004-09-17T04:00:00",
"dateReserved": "2004-09-13T00:00:00",
"dateUpdated": "2024-08-08T00:31:47.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4181
Vulnerability from cvelistv5
Published
2006-11-28 02:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23087 | third-party-advisory, x_refsource_SECUNIA | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443 | third-party-advisory, x_refsource_IDEFENSE | |
| http://security.gentoo.org/glsa/glsa-200612-17.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.vupen.com/english/advisories/2006/4712 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30508 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/21303 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1017285 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23087"
},
{
"name": "20061126 GNU Radius Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443"
},
{
"name": "GLSA-200612-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-17.xml"
},
{
"name": "ADV-2006-4712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4712"
},
{
"name": "gnuradius-sqllog-format-string(30508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508"
},
{
"name": "21303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21303"
},
{
"name": "1017285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23087"
},
{
"name": "20061126 GNU Radius Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443"
},
{
"name": "GLSA-200612-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-17.xml"
},
{
"name": "ADV-2006-4712",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4712"
},
{
"name": "gnuradius-sqllog-format-string(30508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508"
},
{
"name": "21303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21303"
},
{
"name": "1017285",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23087"
},
{
"name": "20061126 GNU Radius Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443"
},
{
"name": "GLSA-200612-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-17.xml"
},
{
"name": "ADV-2006-4712",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4712"
},
{
"name": "gnuradius-sqllog-format-string(30508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508"
},
{
"name": "21303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21303"
},
{
"name": "1017285",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4181",
"datePublished": "2006-11-28T02:00:00",
"dateReserved": "2006-08-16T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0131
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true | third-party-advisory, x_refsource_IDEFENSE | |
| http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/277396 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/3824 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15046 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9578 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/10799 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040204 GNU Radius Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=71\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz"
},
{
"name": "VU#277396",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/277396"
},
{
"name": "3824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3824"
},
{
"name": "radius-radprintrequest-dos(15046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046"
},
{
"name": "9578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9578"
},
{
"name": "10799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040204 GNU Radius Remote Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=71\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz"
},
{
"name": "VU#277396",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/277396"
},
{
"name": "3824",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3824"
},
{
"name": "radius-radprintrequest-dos(15046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046"
},
{
"name": "9578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9578"
},
{
"name": "10799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040204 GNU Radius Remote Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=71\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz",
"refsource": "CONFIRM",
"url": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz"
},
{
"name": "VU#277396",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/277396"
},
{
"name": "3824",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3824"
},
{
"name": "radius-radprintrequest-dos(15046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046"
},
{
"name": "9578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9578"
},
{
"name": "10799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0131",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-10T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1377
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/8354.php | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/936683 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/4230 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisory, x_refsource_CERT | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1377",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-03-04 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEDD86F-92B9-43EC-80E3-54010E249FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFDB110B-4057-4BA4-993A-9DA14888A093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B0DFDC-913E-4358-9BF1-6AA1F871CB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "F332DA97-B327-45E0-8948-18C2C7278757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "67632403-328E-4149-B0EC-2B563DDD7FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6945F8-EB40-4205-9585-3BF9A132406E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2A28A174-45A4-4886-8C87-2D475F9ABF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A949E3FF-5360-4FC1-95E5-AB5080156D77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D000F534-1BF0-40A8-BD2B-9EBAF71D6FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "15253C62-0FCC-4699-9CC5-486F23CDD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.17b:*:*:*:*:*:*:*",
"matchCriteriaId": "D01B8A1D-A4EC-4B92-A9EC-BECB35185ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "10DD81E4-732C-4F23-80A7-987FCC0511D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28A5F502-7DA3-44E2-AEFB-6D1FD7121F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:livingston:radius:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2894BE-AE8B-491C-A776-5D2821D4DFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:livingston:radius:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92CD1A39-33F6-47C3-8899-286C07C9C219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:livingston:radius:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3133364-7726-4BFA-A552-03533F762161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lucent:radius:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96927B69-BA71-460B-8A59-CF3FC93C9661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lucent:radius:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "056AD200-84E8-4B99-863F-C1D61A6B4C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lucent:radius:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE2BA9-35E0-410A-B9CC-C77C9D95338E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4999A95F-9124-4585-B78C-34B8CDA87250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28DC815B-6648-4C3A-A66C-264EE6903CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "627CD710-183C-433B-9CC6-804C8A726FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA442BB3-4DAE-402C-8F3C-DFCA4C3EE63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE605C8B-316E-4C04-B5D1-97A0E2719DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13CF26C7-90DB-46FB-AE08-936FF7C324F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "15B965F5-E32D-4824-9A4B-0A2507CD167E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C211927E-DE7F-450F-918B-DC3EAF6C5743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A74F1BA-3E1A-4073-A290-C086B6388F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDB28FF-D0B4-45A4-A2E7-C56B4D660204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5263133F-0C92-4C16-B933-71AEAE9C33BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE414B4-5E23-4DE9-AD86-8FE51CCE723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6713B65-D941-4DCE-AA63-FE0B408E575B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xtradius:xtradius:1.1_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "43B671B4-7B26-4F43-A477-1EE7F1E74245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7326E7C2-F310-4820-A36D-C7045E6ED721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C37D50E1-E8E1-4D07-93D2-D8DEE13872D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "792AB6F5-0916-482B-A868-BC41B7A6EFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A295E4-7D6D-4906-84D4-BB80AF58422E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1FEC14-198C-46D1-8F96-9D91B9733A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2830F3-FB3A-4833-9027-B4933BA813ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "95CC863F-9448-4692-AB9C-BA218D2313CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
],
"id": "CVE-2001-1377",
"lastModified": "2024-11-20T23:37:32.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-04T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4230"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-28 02:07
Modified
2024-11-21 00:15
Severity ?
Summary
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:radius:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78B79F54-2CD6-49CB-A97D-8EF9B8838C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7663874D-D122-4F6D-8DA4-CF1691388700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cadena de formato en la funci\u00f3n sqllog en el c\u00f3digo de tarificaci\u00f3n SQL para radiusd en GNU Radius 1.2 y 1.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nGNU, Radius, 1.4",
"id": "CVE-2006-4181",
"lastModified": "2024-11-21T00:15:19.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-28T02:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23087"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200612-17.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017285"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21303"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4712"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1017285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/21303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2006-12-04T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:radius:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B4923-F65D-4D51-944B-B63283FBAD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference."
},
{
"lang": "es",
"value": "La funci\u00f3n rad_print_request en logger.c del demonio GNU Radius (radiusd) anteriores a 1.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un paquete UDP con un atributo Acct-Status-Type sin ning\u00fan valor, lo que causar una desreferencia nula."
}
],
"id": "CVE-2004-0131",
"lastModified": "2024-11-20T23:47:50.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10799"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=71\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/277396"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3824"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9578"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=71\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/277396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-23 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B0DFDC-913E-4358-9BF1-6AA1F871CB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "F332DA97-B327-45E0-8948-18C2C7278757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "67632403-328E-4149-B0EC-2B563DDD7FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6945F8-EB40-4205-9585-3BF9A132406E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "22C65C9A-89CA-41F9-9596-40077BC37944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B4923-F65D-4D51-944B-B63283FBAD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78B79F54-2CD6-49CB-A97D-8EF9B8838C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en la funci\u00f3n asn_decode_string() definida en asn1.c en radiusd de GNU Radius 1.1 y 1.2 anteriores a 1.2.94, cuando se compila con la opci\u00f3n --enable-snmp, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante ciertas peticiones SNMP."
}
],
"id": "CVE-2004-0849",
"lastModified": "2024-11-20T23:49:33.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17391"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-04 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ascend:radius:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C0717614-9C92-4C20-9D65-0E488C97FAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEDD86F-92B9-43EC-80E3-54010E249FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFDB110B-4057-4BA4-993A-9DA14888A093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B0DFDC-913E-4358-9BF1-6AA1F871CB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "F332DA97-B327-45E0-8948-18C2C7278757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "67632403-328E-4149-B0EC-2B563DDD7FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6945F8-EB40-4205-9585-3BF9A132406E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2A28A174-45A4-4886-8C87-2D475F9ABF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A949E3FF-5360-4FC1-95E5-AB5080156D77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D000F534-1BF0-40A8-BD2B-9EBAF71D6FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "15253C62-0FCC-4699-9CC5-486F23CDD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.17b:*:*:*:*:*:*:*",
"matchCriteriaId": "D01B8A1D-A4EC-4B92-A9EC-BECB35185ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "10DD81E4-732C-4F23-80A7-987FCC0511D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icradius:icradius:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28A5F502-7DA3-44E2-AEFB-6D1FD7121F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:livingston:radius:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2894BE-AE8B-491C-A776-5D2821D4DFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:livingston:radius:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92CD1A39-33F6-47C3-8899-286C07C9C219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:livingston:radius:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3133364-7726-4BFA-A552-03533F762161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lucent:radius:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96927B69-BA71-460B-8A59-CF3FC93C9661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lucent:radius:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "056AD200-84E8-4B99-863F-C1D61A6B4C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lucent:radius:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCE2BA9-35E0-410A-B9CC-C77C9D95338E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4999A95F-9124-4585-B78C-34B8CDA87250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28DC815B-6648-4C3A-A66C-264EE6903CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "627CD710-183C-433B-9CC6-804C8A726FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA442BB3-4DAE-402C-8F3C-DFCA4C3EE63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE605C8B-316E-4C04-B5D1-97A0E2719DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13CF26C7-90DB-46FB-AE08-936FF7C324F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "15B965F5-E32D-4824-9A4B-0A2507CD167E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C211927E-DE7F-450F-918B-DC3EAF6C5743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A74F1BA-3E1A-4073-A290-C086B6388F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDB28FF-D0B4-45A4-A2E7-C56B4D660204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openradius:openradius:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5263133F-0C92-4C16-B933-71AEAE9C33BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE414B4-5E23-4DE9-AD86-8FE51CCE723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6713B65-D941-4DCE-AA63-FE0B408E575B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7326E7C2-F310-4820-A36D-C7045E6ED721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C37D50E1-E8E1-4D07-93D2-D8DEE13872D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "792AB6F5-0916-482B-A868-BC41B7A6EFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A295E4-7D6D-4906-84D4-BB80AF58422E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1FEC14-198C-46D1-8F96-9D91B9733A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2830F3-FB3A-4833-9027-B4933BA813ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "95CC863F-9448-4692-AB9C-BA218D2313CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
],
"id": "CVE-2001-1376",
"lastModified": "2024-11-20T23:37:32.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-04T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-06 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:radius:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B4923-F65D-4D51-944B-B63283FBAD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID."
},
{
"lang": "es",
"value": "El demonio radius (radiusd) de GNU Radius 1.1, cuando se compila con la opci\u00f3n -enable-snmp, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servidor) mediante un mensaje SNMP malformado conteniendo un OID no v\u00e1lido."
}
],
"id": "CVE-2004-0576",
"lastModified": "2024-11-20T23:48:53.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=108785242716726\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=110\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=108785242716726\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=110\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}