CVE-2001-1377

Current Description

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Basic Data

Published: March 04, 2002
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
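    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Freeradius | Freeradius | 0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Freeradius | Freeradius | 0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnu | Radius | 0.92.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnu | Radius | 0.93 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnu | Radius | 0.94 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Gnu | Radius | 0.95 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.14 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.15 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.16 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.17 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.17b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.18 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Icradius | Icradius | 0.18.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Livingston | Radius | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Livingston | Radius | 2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Livingston | Radius | 2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Lucent | Radius | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Lucent | Radius | 2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Lucent | Radius | 2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Miquel Van Smoorenburg Cistron | Radius | 1.6_.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Openradius | Openradius | 0.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Openradius | Openradius | 0.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Openradius | Openradius | 0.9.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Openradius | Openradius | 0.9.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Openradius | Openradius | 0.9.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Radiusclient | Radiusclient | 0.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xtradius | Xtradius | 1.1_pre1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Xtradius | Xtradius | 1.1_pre2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0.17 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0.18 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0.19 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0_pre13 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0_pre14 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius | Yard Radius | 1.0_pre15 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Yard Radius Project | Yard Radius | 1.0.16 | * | * | * | * | * | * | * | | | | |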

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Icradius | Icradius | 0.14, 0.15, 0.16, 0.17, 0.17b, 0.18, 0.18.1 |
| Livingston | Radius | 2.0, 2.0.1, 2.1 |
| Freeradius | Freeradius | 0.2, 0.3 |
| Miquel Van Smoorenburg Cistron | Radius | 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6_.0 |
| Openradius | Openradius | 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3 |
| Radiusclient | Radiusclient | 0.3.1 |
| Xtradius | Xtradius | 1.1_pre1, 1.1_pre2 |
| Yard Radius | Yard Radius | 1.0.17, 1.0.18, 1.0.19, 1.0_pre13, 1.0_pre14, 1.0_pre15 |
| Gnu | Radius | 0.92.1, 0.93, 0.94, 0.95 |
| Yard Radius Project | Yard Radius | 1.0.16 |
| Lucent | Radius | 2.0, 2.0.1, 2.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| FreeBSD-SN-02:02 | FREEBSD | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc | |
| SuSE-SA:2002:013 | SUSE | http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | |
| CLA-2002:466 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | |
| 20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations | BUGTRAQ | http://marc.info/?l=bugtraq&m=101537153021792&w=2 | |
| CA-2002-06 | CERT | http://www.cert.org/advisories/CA-2002-06.html | Patch Third Party Advisory US Government Resource |
| radius-vendor-attribute-dos(8354) | XF | http://www.iss.net/security_center/static/8354.php | Patch Vendor Advisory |
| VU#936683 | CERT-VN | http://www.kb.cert.org/vuls/id/936683 | Patch Third Party Advisory US Government Resource |
| RHSA-2002:030 | REDHAT | http://www.redhat.com/support/errata/RHSA-2002-030.html | |
| 4230 | BID | http://www.securityfocus.com/bid/4230 | Patch Vendor Advisory |