FreeBSD E6F0EDD8-0B40-11D9-8A8A-000C41E2CDAD
Sep 15, 2004 - 12:00 a.m.

gnu-radius -- SNMP-related denial-of-service

2004-09-15 00:00:00
vuxml.freebsd.org
CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.007 Low
Percentile: 81.0%

An iDEFENSE security advisory reports:

Remote exploitation of an input validation error in
version 1.2 of GNU radiusd could allow a denial of
service.

The vulnerability specifically exists within
the asn_decode_string() function defined in
snmplib/asn1.c. When a very large unsigned number is
supplied, it is possible that an integer overflow will
occur in the bounds-checking code. The daemon will then
attempt to reference unallocated memory, resulting in an
access violation that causes the process to terminate.

OS       Version  Architecture  Package     Version   Filename
FreeBSD  any      noarch        gnu-radius  < 1.2.94  UNKNOWN
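
The class of flaw the advisory describes, a length bounds check that overflows, shown as an added example beside a hardened check. This is not GNU radius source code: the simplified OCTET STRING decoder, the function names and the sample bytes are all constructed for illustration, and lengths are assumed to be 32-bit.

```c
#include <stdint.h>
#include <string.h>
/* Flawed pattern: the 32-bit sum wraps for a huge len, so the test passes. */
static int fits_wrapping(uint32_t off, uint32_t len, uint32_t buflen)
{
    return (uint32_t)(off + len) <= buflen;
}

/* Hardened pattern: compare len against the bytes remaining; no addition. */
static int fits_checked(uint32_t off, uint32_t len, uint32_t buflen)
{
    return off <= buflen && len <= buflen - off;
}

/* Decode one OCTET STRING (tag 0x04) TLV. Returns 0 on success, -1 on reject. */
static int decode_octet_string(const uint8_t *buf, uint32_t buflen,
                               uint8_t *out, uint32_t outcap, uint32_t *outlen)
{
    uint32_t off = 0, len = 0;
    if (buflen < 2 || buf[off++] != 0x04)
        return -1;
    if (buf[off] & 0x80) {                 /* long form: next n bytes hold len */
        uint32_t n = buf[off++] & 0x7f;
        if (n == 0 || n > 4 || !fits_checked(off, n, buflen))
            return -1;
        while (n--)
            len = (len << 8) | buf[off++];
    } else {
        len = buf[off++];                  /* short form: len is this byte */
    }
    if (!fits_checked(off, len, buflen) || len > outcap)
        return -1;                         /* reject before touching memory */
    memcpy(out, buf + off, len);
    *outlen = len;
    return 0;
}

/* Constructed inputs: a valid 3-byte string, and a header claiming 0xFFFFFFFE bytes. */
static const uint8_t sample_ok[]  = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t sample_bad[] = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xfe, 'x' };

int main(void)
{
    uint8_t out[16]; uint32_t n = 0;
    int ok = decode_octet_string(sample_ok, sizeof sample_ok, out, sizeof out, &n) == 0
          && decode_octet_string(sample_bad, sizeof sample_bad, out, sizeof out, &n) == -1
          && fits_wrapping(6, 0xfffffffeu, 7);  /* flawed check accepts the bad length */
    return ok ? 0 : 1;
}
```

The wrapping check accepts the oversized length because 6 + 0xFFFFFFFE wraps to 4, while the subtraction-based check rejects it before any memory is read.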
