GNU Radius rad_print_request DoS

2004-02-04T06:54:51
ID OSVDB:3824
Type osvdb
Reporter OSVDB
Modified 2004-02-04T06:54:51

Description

Vulnerability Description

GNU Radius contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives a packet with only an "Acct-Status-Type" attribute, and results in loss of availability for the radiusd server.

Solution Description

Upgrade to GNU Radius version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Secunia Advisory ID: 10799
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0164.html
Other Advisory URL: http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-11/0055.html
ISS X-Force ID: 15046
CVE-2004-0131
CERT VU: 277396
Bugtraq ID: 9578