Lucene search

[email protected]CVE-2008-5284

HistoryNov 29, 2008 - 2:30 a.m.

CVE-2008-5284

2008-11-2902:30:00

CWE-189

[email protected]

web.nvd.nist.gov

iea software

radiusnt

radiusx

emerald

air marshal

radlogin

denial of service

remote attack

memory overwrite

http

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.084 Low

EPSS

Percentile

94.4%

JSON

The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

iea_softwareair_marshalMatch1.0.3

iea_softwareair_marshalMatch1.0.4

iea_softwareair_marshalMatch1.0.5

iea_softwareair_marshalMatch1.0.6

iea_softwareair_marshalMatch1.0.7

iea_softwareair_marshalMatch1.0.8

iea_softwareair_marshalMatch1.0.9

iea_softwareair_marshalMatch1.0.10

iea_softwareair_marshalMatch1.0.11

iea_softwareair_marshalMatch1.0.15

iea_softwareair_marshalMatch1.0.16

iea_softwareair_marshalMatch1.0.18

iea_softwareair_marshalMatch1.0.19

iea_softwareair_marshalMatch1.0.20

iea_softwareair_marshalMatch1.0.21

iea_softwareair_marshalMatch1.0.22

iea_softwareair_marshalMatch2.0.0

iea_softwareair_marshalMatch2.0.0.b.7

iea_softwareair_marshalMatch2.0.0.b1

iea_softwareair_marshalMatch2.0.1

iea_softwareair_marshalMatch2.0.3

iea_softwareair_marshalMatch2.0.4

iea_softwareair_marshalMatch2.0.5

iea_softwareemeraldMatch5.0.24

iea_softwareemeraldMatch5.0.25

iea_softwareemeraldMatch5.0.26

iea_softwareemeraldMatch5.0.27

iea_softwareemeraldMatch5.0.28

iea_softwareemeraldMatch5.0.29

iea_softwareemeraldMatch5.0.30

iea_softwareemeraldMatch5.0.31

iea_softwareemeraldMatch5.0.32

iea_softwareemeraldMatch5.0.33

iea_softwareemeraldMatch5.0.35

iea_softwareemeraldMatch5.0.36

iea_softwareemeraldMatch5.0.37

iea_softwareemeraldMatch5.0.39

iea_softwareemeraldMatch5.0.40

iea_softwareemeraldMatch5.0.41

iea_softwareemeraldMatch5.0.42

iea_softwareemeraldMatch5.0.44

iea_softwareemeraldMatch5.0.46

iea_softwareemeraldMatch5.0.48

iea_softwareemeraldMatch5.0.49

iea_softwareemeraldMatch5.0.50

iea_softwareemeraldMatch5.0.51

iea_softwareradius_test_clientMatch4.0.15

iea_softwareradius_test_clientMatch4.0.20

iea_softwareradiusntRange≤5.1.42

iea_softwareradiusntMatch3.0.145

iea_softwareradiusntMatch3.0.147

iea_softwareradiusntMatch3.0.149

iea_softwareradiusntMatch3.0.150

iea_softwareradiusntMatch3.0.154

iea_softwareradiusntMatch3.0.158

iea_softwareradiusntMatch3.0.162

iea_softwareradiusntMatch3.0.167

iea_softwareradiusntMatch3.0.168

iea_softwareradiusntMatch3.0.171

iea_softwareradiusntMatch3.0.172

iea_softwareradiusntMatch3.0.173

iea_softwareradiusntMatch3.0.174

iea_softwareradiusntMatch3.0.175

iea_softwareradiusntMatch3.0.176

iea_softwareradiusntMatch3.0.177

iea_softwareradiusntMatch3.0.178

iea_softwareradiusntMatch3.0.179

iea_softwareradiusntMatch3.0.182

iea_softwareradiusntMatch3.0.183

iea_softwareradiusntMatch3.0.184

iea_softwareradiusntMatch3.0.185

iea_softwareradiusntMatch3.0.186

iea_softwareradiusntMatch3.0.188

iea_softwareradiusntMatch3.0.189

iea_softwareradiusntMatch3.0.190

iea_softwareradiusntMatch3.0.191

iea_softwareradiusntMatch4.0.1

iea_softwareradiusntMatch4.0.2

iea_softwareradiusntMatch4.0.3

iea_softwareradiusntMatch4.0.5

iea_softwareradiusntMatch4.0.6

iea_softwareradiusntMatch4.0.7

iea_softwareradiusntMatch4.0.8

iea_softwareradiusntMatch4.0.10

iea_softwareradiusntMatch4.0.11

iea_softwareradiusntMatch4.0.12

iea_softwareradiusntMatch4.0.13

iea_softwareradiusntMatch4.0.14

iea_softwareradiusntMatch4.0.15

iea_softwareradiusntMatch4.0.17

iea_softwareradiusntMatch4.0.20

iea_softwareradiusntMatch4.0.21

iea_softwareradiusntMatch4.0.23

iea_softwareradiusntMatch4.0.24

iea_softwareradiusntMatch4.0.26

iea_softwareradiusntMatch4.0.27

iea_softwareradiusntMatch4.0.28

iea_softwareradiusntMatch4.0.29

iea_softwareradiusntMatch4.0.30

iea_softwareradiusntMatch4.0.31

iea_softwareradiusntMatch4.0.32

iea_softwareradiusntMatch4.0.33

iea_softwareradiusntMatch4.0.34

iea_softwareradiusntMatch4.0.35

iea_softwareradiusntMatch4.0.38

iea_softwareradiusntMatch4.0.39

iea_softwareradiusntMatch4.0.40

iea_softwareradiusntMatch4.0.41

iea_softwareradiusntMatch4.0.43

iea_softwareradiusntMatch4.0.44

iea_softwareradiusntMatch4.0.47

iea_softwareradiusntMatch4.0.49

iea_softwareradiusntMatch4.0.51

iea_softwareradiusntMatch4.0.54

iea_softwareradiusntMatch4.0.55

iea_softwareradiusntMatch4.0.56

iea_softwareradiusntMatch4.0.57

iea_softwareradiusntMatch4.0.59

iea_softwareradiusntMatch4.0.60

iea_softwareradiusntMatch4.0.62

iea_softwareradiusntMatch4.0.63

iea_softwareradiusntMatch4.0.67

iea_softwareradiusntMatch4.0.68

iea_softwareradiusntMatch4.0.69

iea_softwareradiusntMatch4.0.70

iea_softwareradiusntMatch4.0.71

iea_softwareradiusntMatch4.0.72

iea_softwareradiusntMatch4.0.73

iea_softwareradiusntMatch4.0.74

iea_softwareradiusntMatch4.0.75

iea_softwareradiusntMatch4.0.76

iea_softwareradiusntMatch4.0.77

iea_softwareradiusntMatch4.0.79

iea_softwareradiusntMatch4.0.80

iea_softwareradiusntMatch4.0.81

iea_softwareradiusntMatch4.0.82

iea_softwareradiusntMatch4.0.83

iea_softwareradiusntMatch4.0.84

iea_softwareradiusntMatch4.0.85

iea_softwareradiusntMatch4.0.86

iea_softwareradiusntMatch4.0.193

iea_softwareradiusntMatch4.09

iea_softwareradiusntMatch5.0.4a

iea_softwareradiusntMatch5.0.7a

iea_softwareradiusntMatch5.0.8b

iea_softwareradiusntMatch5.0.9b

iea_softwareradiusntMatch5.0.10b

iea_softwareradiusntMatch5.0.13b

iea_softwareradiusntMatch5.0.15b

iea_softwareradiusntMatch5.0.17

iea_softwareradiusntMatch5.0.22

iea_softwareradiusntMatch5.0.27

iea_softwareradiusntMatch5.0.29

iea_softwareradiusntMatch5.0.31

iea_softwareradiusntMatch5.0.35

iea_softwareradiusntMatch5.0.36

iea_softwareradiusntMatch5.0.38

iea_softwareradiusntMatch5.0.39

iea_softwareradiusntMatch5.0.42

iea_softwareradiusntMatch5.0.43

iea_softwareradiusntMatch5.0.45

iea_softwareradiusntMatch5.0.49

iea_softwareradiusntMatch5.0.50

iea_softwareradiusntMatch5.0.54

iea_softwareradiusntMatch5.0.55

iea_softwareradiusntMatch5.0.58

iea_softwareradiusntMatch5.1.3

iea_softwareradiusntMatch5.1.4

iea_softwareradiusntMatch5.1.5

iea_softwareradiusntMatch5.1.6

iea_softwareradiusntMatch5.1.10

iea_softwareradiusntMatch5.1.15

iea_softwareradiusntMatch5.1.16

iea_softwareradiusntMatch5.1.17

iea_softwareradiusntMatch5.1.19

iea_softwareradiusntMatch5.1.24

iea_softwareradiusntMatch5.1.25

iea_softwareradiusntMatch5.1.29

iea_softwareradiusntMatch5.1.35

iea_softwareradiusntMatch5.1.38

iea_softwareradiusntMatch5.1.40

iea_softwareradiusntMatch5.1.41

iea_softwareradiusxRange≤5.1.42

iea_softwareradiusxMatch3.0.145

iea_softwareradiusxMatch3.0.147

iea_softwareradiusxMatch3.0.149

iea_softwareradiusxMatch3.0.150

iea_softwareradiusxMatch3.0.154

iea_softwareradiusxMatch3.0.158

iea_softwareradiusxMatch3.0.162

iea_softwareradiusxMatch3.0.167

iea_softwareradiusxMatch3.0.168

iea_softwareradiusxMatch3.0.171

iea_softwareradiusxMatch3.0.172

iea_softwareradiusxMatch3.0.173

iea_softwareradiusxMatch3.0.174

iea_softwareradiusxMatch3.0.175

iea_softwareradiusxMatch3.0.176

iea_softwareradiusxMatch3.0.177

iea_softwareradiusxMatch3.0.178

iea_softwareradiusxMatch3.0.179

iea_softwareradiusxMatch3.0.182

iea_softwareradiusxMatch3.0.183

iea_softwareradiusxMatch3.0.184

iea_softwareradiusxMatch3.0.185

iea_softwareradiusxMatch3.0.186

iea_softwareradiusxMatch3.0.188

iea_softwareradiusxMatch3.0.189

iea_softwareradiusxMatch3.0.190

iea_softwareradiusxMatch3.0.191

iea_softwareradiusxMatch4.0.1

iea_softwareradiusxMatch4.0.2

iea_softwareradiusxMatch4.0.3

iea_softwareradiusxMatch4.0.5

iea_softwareradiusxMatch4.0.6

iea_softwareradiusxMatch4.0.7

iea_softwareradiusxMatch4.0.8

iea_softwareradiusxMatch4.0.9

iea_softwareradiusxMatch4.0.10

iea_softwareradiusxMatch4.0.11

iea_softwareradiusxMatch4.0.12

iea_softwareradiusxMatch4.0.13

iea_softwareradiusxMatch4.0.14

iea_softwareradiusxMatch4.0.15

iea_softwareradiusxMatch4.0.17

iea_softwareradiusxMatch4.0.20

iea_softwareradiusxMatch4.0.21

iea_softwareradiusxMatch4.0.23

iea_softwareradiusxMatch4.0.24

iea_softwareradiusxMatch4.0.26

iea_softwareradiusxMatch4.0.27

iea_softwareradiusxMatch4.0.28

iea_softwareradiusxMatch4.0.29

iea_softwareradiusxMatch4.0.30

iea_softwareradiusxMatch4.0.31

iea_softwareradiusxMatch4.0.32

iea_softwareradiusxMatch4.0.33

iea_softwareradiusxMatch4.0.34

iea_softwareradiusxMatch4.0.35

iea_softwareradiusxMatch4.0.38

iea_softwareradiusxMatch4.0.39

iea_softwareradiusxMatch4.0.40

iea_softwareradiusxMatch4.0.41

iea_softwareradiusxMatch4.0.43

iea_softwareradiusxMatch4.0.44

iea_softwareradiusxMatch4.0.47

iea_softwareradiusxMatch4.0.49

iea_softwareradiusxMatch4.0.51

iea_softwareradiusxMatch4.0.54

iea_softwareradiusxMatch4.0.55

iea_softwareradiusxMatch4.0.56

iea_softwareradiusxMatch4.0.57

iea_softwareradiusxMatch4.0.59

iea_softwareradiusxMatch4.0.60

iea_softwareradiusxMatch4.0.62

iea_softwareradiusxMatch4.0.63

iea_softwareradiusxMatch4.0.67

iea_softwareradiusxMatch4.0.68

iea_softwareradiusxMatch4.0.69

iea_softwareradiusxMatch4.0.70

iea_softwareradiusxMatch4.0.71

iea_softwareradiusxMatch4.0.72

iea_softwareradiusxMatch4.0.73

iea_softwareradiusxMatch4.0.74

iea_softwareradiusxMatch4.0.75

iea_softwareradiusxMatch4.0.76

iea_softwareradiusxMatch4.0.77

iea_softwareradiusxMatch4.0.79

iea_softwareradiusxMatch4.0.80

iea_softwareradiusxMatch4.0.81

iea_softwareradiusxMatch4.0.82

iea_softwareradiusxMatch4.0.83

iea_softwareradiusxMatch4.0.84

iea_softwareradiusxMatch4.0.85

iea_softwareradiusxMatch4.0.86

iea_softwareradiusxMatch4.0.87

iea_softwareradiusxMatch4.0.88

iea_softwareradiusxMatch4.0.193

iea_softwareradiusxMatch5.0.4a

iea_softwareradiusxMatch5.0.7a

iea_softwareradiusxMatch5.0.8b

iea_softwareradiusxMatch5.0.9b

iea_softwareradiusxMatch5.0.10b

iea_softwareradiusxMatch5.0.13b

iea_softwareradiusxMatch5.0.15b

iea_softwareradiusxMatch5.0.17

iea_softwareradiusxMatch5.0.22

iea_softwareradiusxMatch5.0.27

iea_softwareradiusxMatch5.0.29

iea_softwareradiusxMatch5.0.31

iea_softwareradiusxMatch5.0.35

iea_softwareradiusxMatch5.0.36

iea_softwareradiusxMatch5.0.38

iea_softwareradiusxMatch5.0.39

iea_softwareradiusxMatch5.0.42

iea_softwareradiusxMatch5.0.43

iea_softwareradiusxMatch5.0.45

iea_softwareradiusxMatch5.0.49

iea_softwareradiusxMatch5.0.50

iea_softwareradiusxMatch5.0.54

iea_softwareradiusxMatch5.0.55

iea_softwareradiusxMatch5.0.57

iea_softwareradiusxMatch5.0.58

iea_softwareradiusxMatch5.1.3

iea_softwareradiusxMatch5.1.4

iea_softwareradiusxMatch5.1.5

iea_softwareradiusxMatch5.1.6

iea_softwareradiusxMatch5.1.10

iea_softwareradiusxMatch5.1.15

iea_softwareradiusxMatch5.1.16

iea_softwareradiusxMatch5.1.17

iea_softwareradiusxMatch5.1.19

iea_softwareradiusxMatch5.1.24

iea_softwareradiusxMatch5.1.25

iea_softwareradiusxMatch5.1.29

iea_softwareradiusxMatch5.1.35

iea_softwareradiusxMatch5.1.38

iea_softwareradiusxMatch5.1.40

iea_softwareradiusxMatch5.1.41

iea_softwareradloginMatch4.0.15

iea_softwareradloginMatch4.0.20

CPENameOperatorVersion
iea_software:air_marshaliea software air marshaleq1.0.3
iea_software:air_marshaliea software air marshaleq1.0.4
iea_software:air_marshaliea software air marshaleq1.0.5
iea_software:air_marshaliea software air marshaleq1.0.6
iea_software:air_marshaliea software air marshaleq1.0.7
iea_software:air_marshaliea software air marshaleq1.0.8
iea_software:air_marshaliea software air marshaleq1.0.9
iea_software:air_marshaliea software air marshaleq1.0.10
iea_software:air_marshaliea software air marshaleq1.0.11
iea_software:air_marshaliea software air marshaleq1.0.15

CPE	Name	Operator	Version
iea_software:air_marshal	iea software air marshal	eq	1.0.3
iea_software:air_marshal	iea software air marshal	eq	1.0.4
iea_software:air_marshal	iea software air marshal	eq	1.0.5
iea_software:air_marshal	iea software air marshal	eq	1.0.6
iea_software:air_marshal	iea software air marshal	eq	1.0.7
iea_software:air_marshal	iea software air marshal	eq	1.0.8
iea_software:air_marshal	iea software air marshal	eq	1.0.9
iea_software:air_marshal	iea software air marshal	eq	1.0.10
iea_software:air_marshal	iea software air marshal	eq	1.0.11
iea_software:air_marshal	iea software air marshal	eq	1.0.15

Rows per page:

1-10 of 3211

References

aluigi.altervista.org/adv/emerdal-adv.txt

secunia.com/advisories/28846

www.iea-software.com/docs/airmarshal1/changes.txt

www.iea-software.com/docs/Emerald5/changes.txt

www.iea-software.com/docs/Radius40/changes.txt

www.securityfocus.com/archive/1/487810/100/200/threaded

www.securityfocus.com/bid/27701

www.vupen.com/english/advisories/2008/0484

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.084 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2008-5284

cvelist1 nvd1 prion1