Lucene search
HistoryDec 15, 2003 - 5:00 a.m.
CVE-2003-0967
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
82.2%
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
Affected configurations
Node
freeradiusfreeradiusRange≤0.9.2
Related
cvelist
cvelist
CVE-2003-0967
2003-12-02 05:00:00
CVE-2009-3111
2009-09-09 18:00:00
nessus
nessus
RHEL 3 : freeradius (RHSA-2003:386)
2004-07-06 00:00:00
RHEL 5 : freeradius (RHSA-2009:1451)
2009-09-18 00:00:00
CentOS 5 : freeradius (CESA-2009:1451)
2010-01-06 00:00:00
redhat
redhat
(RHSA-2003:386) freeradius security update
2003-12-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200311-04 (FreeRADIUS)
2008-09-24 00:00:00
Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)
2010-01-15 00:00:00
CentOS Update for freeradius CESA-2009:1451 centos5 i386
2011-08-09 00:00:00
cve
cve
CVE-2003-0967
2003-12-15 05:00:00
CVE-2009-3111
2009-09-09 18:30:00
ubuntucve
ubuntucve
CVE-2003-0967
2003-12-15 00:00:00
CVE-2009-3111
2009-09-09 00:00:00
debiancve
debiancve
CVE-2003-0967
2003-12-15 05:00:00
CVE-2009-3111
2009-09-09 18:30:00
prion
prion
Design/Logic Flaw
2009-09-09 18:30:00
nvd
nvd
CVE-2009-3111
2009-09-09 18:30:00
securityvulns
securityvulns
[ MDVSA-2009:226 ] freeradius
2009-09-10 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
82.2%
Related for NVD:CVE-2003-0967