CERTVU:541574freeRADIUS Server vulnerable to a denial-of-service attack
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.932 High
EPSS
Percentile
99.0%
Overview
Multiple vulnerabilities in freeRADIUS Server may allow attackers to cause a denial-of-service condition.
Description
The Remote Authentication Dial In User Service (RADIUS) protocol is used for remote user authentication and accounting. freeRADIUS Server is an popular open-source RADIUS server.
According to freeRADIUS, three independent bugs in freeRADIUS Server versions 0.8.0 to 1.0.0 inclusive, may cause a denial-of-service condition.
According to Alan T. DeKok from the freeRADIUS project these vulnerabilities are the result of:
* _The function which decodes RADIUS attributes into data structures did not properly check for malformed USR vendor-specific attributes. As a result, when the server received any packet containing a malformed USR VSA, it could be convinced to call "memcpy" with a length value of "-1", which memcpy would interpret as 0xffffffff. The resulting infinite copy would cause the server to core dump._
* _The function which decodes RADIUS attributes into data structures did not properly check for certain pre-conditions before decoding Ascend-Send-Secret and Ascend-Recv-Secret attributes. As result, when the server received an Access-Request or Accounting-Request packet containing an Ascend-Send-Secret or Ascend-Recv-Secret attribute, it could be convinced to call a function to decode the contents of the attribute, with a NULL pointer, where that function expected a pointer to a valid data structure. That function would de-reference the NULL pointer, and cause the server to core dump._
* _The function which decodes RADIUS attributes into data structures did not properly clean up after itself if the Ascend-Send-Secret, Ascend-Recv-Secret, or Tunnel-Password attributes were received in an Access-Request packet. As a result, a previously allocated data structure was not freed, and the server would leak a data structure of approximately 300 bytes for every Access-Request packet it received which contained those RADIUS attributes. If sufficient packets matching that criteria were received, the server process would run out of memory, and would be killed by the OS._
Impact
A remote attacker may be able to crash the freeRADIUS Server causing a denial-of-service condition.
Solution
Upgrade freeRADIUS
These vulnerabilities were corrected in freeRADIUS Server version 1.0.1.
Limit Access to freeRADIUS
To reduce the impact of exploitation, access to freeRADIUS services should restricted to only trusted hosts on necessary ports (1812 UDP for Authentication and 1813 UDP for Accounting).
Vendor Information
541574
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Debian __ Affected
Notified: October 05, 2004 Updated: October 18, 2004
Status
Affected
Vendor Statement
Debian stable is not vulnerable to this issue since it doesn’t contain a freeradius package. The current testing and unstable distributions are vulnerable. The fixed freeradius package has version 1.0.1-1 and will migrate into testing soon.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
FreeRADIUS __ Affected
Notified: September 28, 2004 Updated: September 29, 2004
Status
Affected
Vendor Statement
According to freeRadius:
We have released version 1.0.1 to address these vulnerabilities. We strongly suggest that users of all previous versions of the server upgrade to 1.0.1.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Apple Computer Inc. __ Not Affected
Notified: October 05, 2004 Updated: February 01, 2005
Status
Not Affected
Vendor Statement
Mac OS X and Mac OS X Server do not contain the software described in this vulnerability note.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Chiaro Networks __ Not Affected
Notified: October 05, 2004 Updated: October 07, 2004
Status
Not Affected
Vendor Statement
The Enstara platform does not implement a RADIUS server in the product. It is not susceptible to VU#541574.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Foundry Networks Inc. __ Not Affected
Notified: October 05, 2004 Updated: October 06, 2004
Status
Not Affected
Vendor Statement
Foundry switches and routers are not vulnerable.
Foundry does not utilize the freeRADIUS software in any of its product offerings.
Foundry does recommend that any customer using the freeRADIUS server should upgrade their freeRADIUS software. Servers that are not upgraded run the risk of being successfully attacked using this vulnerability, causing the device to crash and lose network connectivity. Devices using the IEEE 802.1x authentication mechanism would not be authenticated when the RADIUS server is down and would not be allowed access to the network.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Hitachi __ Not Affected
Notified: October 05, 2004 Updated: October 08, 2004
Status
Not Affected
Vendor Statement
Hitachi’s Products is NOT Vulnerable to this issue.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Intoto __ Not Affected
Notified: October 05, 2004 Updated: October 14, 2004
Status
Not Affected
Vendor Statement
Intoto products are not vulnerable to the DoS attack documented in this vulnerability note, as freeRADIUS server software is not part of any of Intoto products.
However, customers may be using freeRADIUS server for XAUTH and WAN user authentication purposes with Intoto products. We strongly recommend users to patch their server from authentic sources. Otherwise, they carry risk of service outages.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Stonesoft __ Not Affected
Notified: October 05, 2004 Updated: October 07, 2004
Status
Not Affected
Vendor Statement
Stonesoft does not use freeRADIUS server in any of its product offerings and, therefore, they are not vulnerable.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
3Com Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
AT&T Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Alcatel Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Avaya Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Avici Systems Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
BSDI Unknown
Notified: October 05, 2004 Updated: October 11, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Borderware Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Check Point Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Cisco Systems Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Clavister __ Unknown
Notified: October 05, 2004 Updated: October 07, 2004
Status
Unknown
Vendor Statement
Clavister: Not vulnerable
Clavister does not integrate freeRADIUS in any of its products. Additionaly, configuring Clavister Firewall to use a freeRADIUS server for AAA does not open up additional attack venues, since none of the affected vendor-specific attributes are used.
Clavister generally recommends that RADIUS servers be placed in a separate network segment where third parties cannot interfere with traffic between access gateways and the RADIUS server.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Computer Associates Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Connectiva Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
CovErt Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Cray Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Cwnt Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
D-Link Systems Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Data Connection Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
EMC Corporation Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Engarde Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Extreme Networks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
F5 Networks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Fortinet Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
FreeBSD Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Fujitsu Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
GTA Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Hewlett-Packard Company Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Hyperchip Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
IBM Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
IBM eServer Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
IBM-zSeries Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
IP Filter Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Immunix Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Ingrian Networks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Intel Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Juniper Networks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Lachman Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Linksys Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Lucent Technologies Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Luminous Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
MandrakeSoft Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Microsoft Corporation Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
MontaVista Software Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Multi-Tech Systems Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Multinet Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
NEC Corporation Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
NETBSD Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
NETfilter Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
NetScreen Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Network Appliance Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
NextHop Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Nokia Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Nortel Networks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Novell Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
OpenBSD Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Openwall GNU/*/Linux Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Red Hat Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Redback Networks Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Riverstone Networks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
SCO Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
SCO Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
SGI Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Secure Computing Corporation Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
SecureWorks Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Sequent Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Sony Corporation Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
SuSE Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Sun Microsystems Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Symantec Corporation Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
TurboLinux Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Unisys Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
WatchGuard Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
Wind River Systems Inc. Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
ZyXEL Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
eSoft Unknown
Notified: October 05, 2004 Updated: October 05, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23541574 Feedback>).
View all 82 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://secunia.com/advisories/12570/>
- <http://www.securitytracker.com/alerts/2004/Sep/1011364.html>
- <http://www.freeradius.org/security.html>
Acknowledgements
This vulnerability was publicly repoted by Secunia Security Advisories.We thank Alan T. DeKok of freeRADIUS for providing information regarding this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2004-0938 |
|---|---|
| Severity Metric: | 2.84 Date Public: |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.932 High
EPSS
Percentile
99.0%