CVE-2001-1376

Current Description

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

Basic Data

Published: March 04, 2002
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
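    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Ascend | Radius | 1.16 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Freeradius | Freeradius | 0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Freeradius | Freeradius | 0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Radius | 0.92.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Radius | 0.93 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Radius | 0.94 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Gnu | Radius | 0.95 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.15 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.16 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.17 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.17b | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.18 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Icradius | Icradius | 0.18.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Livingston | Radius | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Livingston | Radius | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Livingston | Radius | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Lucent | Radius | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Lucent | Radius | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Lucent | Radius | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6_.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openradius | Openradius | 0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openradius | Openradius | 0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openradius | Openradius | 0.9.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openradius | Openradius | 0.9.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Openradius | Openradius | 0.9.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Radiusclient | Radiusclient | 0.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Xtradius | Xtradius | 1.1_pre1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius | Yard Radius | 1.0.17 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius | Yard Radius | 1.0.18 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius | Yard Radius | 1.0.19 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius | Yard Radius | 1.0_pre13 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius | Yard Radius | 1.0_pre14 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius | Yard Radius | 1.0_pre15 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Yard Radius Project | Yard Radius | 1.0.16 | * | * | * | * | * | * | * | | | |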

Vulnerable Software List

Vendor | Product | Versions
Livingston | Radius | 2.0, 2.0.1, 2.1
Freeradius | Freeradius | 0.2, 0.3
Miquel Van Smoorenburg Cistron | Radius | 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6_.0
Openradius | Openradius | 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3
Radiusclient | Radiusclient | 0.3.1
Xtradius | Xtradius | 1.1_pre1
Ascend | Radius | 1.16
Yard Radius | Yard Radius | 1.0.17, 1.0.18, 1.0.19, 1.0_pre13, 1.0_pre14, 1.0_pre15
Gnu | Radius | 0.92.1, 0.93, 0.94, 0.95
Yard Radius Project | Yard Radius | 1.0.16
Lucent | Radius | 2.0, 2.0.1, 2.1
Icradius | Icradius | 0.14, 0.15, 0.16, 0.17, 0.17b, 0.18, 0.18.1

References

Name | Source | URL | Tags
SuSE-SA:2002:013 | SUSE | http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html |
CLA-2002:466 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 |
20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations | BUGTRAQ | http://marc.info/?l=bugtraq&m=101537153021792&w=2 |
20011113 More problems with RADIUS (protocol and implementations) | BUGTRAQ | http://online.securityfocus.com/archive/1/239784 | Vendor Advisory
CA-2002-06 | CERT | http://www.cert.org/advisories/CA-2002-06.html | Patch, Third Party Advisory, US Government Resource
VU#589523 | CERT-VN | http://www.kb.cert.org/vuls/id/589523 | US Government Resource
RHSA-2002:030 | REDHAT | http://www.redhat.com/support/errata/RHSA-2002-030.html |
3530 | BID | http://www.securityfocus.com/bid/3530 | Patch, Vendor Advisory
radius-message-digest-bo(7534) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/7534 |