fkie_nvd - fkie_cve-2004-0961

fkie_cve-2004-0961

Vulnerability from fkie_nvd

Published

2005-02-09 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

References

URL	Tags
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200409-29.xml
cve@mitre.org	http://www.kb.cert.org/vuls/id/541574	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/11222	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17440
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200409-29.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/541574	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11222	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17440
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024

Impacted products

Vendor	Product	Version
freeradius	freeradius	0.2
freeradius	freeradius	0.3
freeradius	freeradius	0.4
freeradius	freeradius	0.5
freeradius	freeradius	0.8
freeradius	freeradius	0.8.1
freeradius	freeradius	0.9
freeradius	freeradius	0.9.1
freeradius	freeradius	0.9.2
freeradius	freeradius	0.9.3
freeradius	freeradius	1.0.0
redhat	enterprise_linux	3.0
redhat	enterprise_linux	3.0
redhat	fedora_core	core_2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AEDD86F-92B9-43EC-80E3-54010E249FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFDB110B-4057-4BA4-993A-9DA14888A093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C8708B-4D1A-48A7-87DF-DF4B53E66D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0369C1A6-A0FE-4BF8-89F5-5ED384565DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1638CC08-8886-4863-8532-883A8616592F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4FD4F2-0449-4562-ABF2-927206CB77DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "636F3F00-97A5-4497-A6A9-722AFC5BD689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECDFCD7-0189-4C59-842D-C5F9064033A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD634946-ED9B-47EB-8D0F-88EA6057D17C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49152208-4DBD-4AF7-BCB3-3D56650899F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes."
    }
  ],
  "id": "CVE-2004-0961",
  "lastModified": "2024-11-20T23:49:46.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-09T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/541574"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11222"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/541574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2004-0961

Vulnerability from cvelistv5

Published

2004-10-20 04:00

Modified

2024-08-08 00:31