CVE-2001-1376

Current Description

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

Basic Data

Published: March 04, 2002
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
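    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | Application | Ascend | Radius | 1.16 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Freeradius | Freeradius | 0.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Freeradius | Freeradius | 0.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Gnu | Radius | 0.92.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Gnu | Radius | 0.93 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Gnu | Radius | 0.94 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Gnu | Radius | 0.95 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.14 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.15 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.16 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.17 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.17b | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.18 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Icradius | Icradius | 0.18.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Livingston | Radius | 2.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Livingston | Radius | 2.0.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Livingston | Radius | 2.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Lucent | Radius | 2.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Lucent | Radius | 2.0.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Lucent | Radius | 2.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6_.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Openradius | Openradius | 0.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Openradius | Openradius | 0.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Openradius | Openradius | 0.9.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Openradius | Openradius | 0.9.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Openradius | Openradius | 0.9.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Radiusclient | Radiusclient | 0.3.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Xtradius | Xtradius | 1.1_pre1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0.17 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0.18 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0.19 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0_pre13 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0_pre14 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0_pre15 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Yard Radius Project | Yard Radius | 1.0.16 | * | * | * | * | * | * | * |  |  |  |  |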

Vulnerable Software List

| Vendor | Product | Versions |
| --- | --- | --- |
| Icradius | Icradius | 0.14, 0.15, 0.16, 0.17, 0.17b, 0.18, 0.18.1 |
| Livingston | Radius | 2.0, 2.0.1, 2.1 |
| Freeradius | Freeradius | 0.2, 0.3 |
| Miquel Van Smoorenburg Cistron | Radius | 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6_.0 |
| Openradius | Openradius | 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3 |
| Radiusclient | Radiusclient | 0.3.1 |
| Xtradius | Xtradius | 1.1_pre1 |
| Ascend | Radius | 1.16 |
| Yard Radius | Yard Radius | 1.0.17, 1.0.18, 1.0.19, 1.0_pre13, 1.0_pre14, 1.0_pre15 |
| Gnu | Radius | 0.92.1, 0.93, 0.94, 0.95 |
| Yard Radius Project | Yard Radius | 1.0.16 |
| Lucent | Radius | 2.0, 2.0.1, 2.1 |

References

| Name | Source | URL | Tags |
| --- | --- | --- | --- |
| SuSE-SA:2002:013 | SUSE | http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html |  |
| CLA-2002:466 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 |  |
| 20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations | BUGTRAQ | http://marc.info/?l=bugtraq&m=101537153021792&w=2 |  |
| 20011113 More problems with RADIUS (protocol and implementations) | BUGTRAQ | http://online.securityfocus.com/archive/1/239784 | Vendor Advisory |
| CA-2002-06 | CERT | http://www.cert.org/advisories/CA-2002-06.html | Patch, Third Party Advisory, US Government Resource |
| VU#589523 | CERT-VN | http://www.kb.cert.org/vuls/id/589523 | US Government Resource |
| RHSA-2002:030 | REDHAT | http://www.redhat.com/support/errata/RHSA-2002-030.html |  |
| 3530 | BID | http://www.securityfocus.com/bid/3530 | Patch, Vendor Advisory |
| radius-message-digest-bo(7534) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/7534 |  |