CVE-2004-0987

Current Description

Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.

Basic Data

PublishedJanuary 10, 2005
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationYard RadiusYard Radius1.0.17*******
    2.3ApplicationYard RadiusYard Radius1.0.18*******
    2.3ApplicationYard RadiusYard Radius1.0.19*******
    2.3ApplicationYard RadiusYard Radius1.0.20*******
    2.3ApplicationYard RadiusYard Radius1.0_pre13*******
    2.3ApplicationYard RadiusYard Radius1.0_pre14*******
    2.3ApplicationYard RadiusYard Radius1.0_pre15*******
    2.3ApplicationYard Radius ProjectYard Radius1.0.16*******

Vulnerable Software List

VendorProductVersions
Yard Radius Yard Radius 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.0_pre13, 1.0_pre14, 1.0_pre15
Yard Radius Project Yard Radius 1.0.16

References

NameSourceURLTags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278384http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278384MISC
DSA-598http://www.debian.org/security/2004/dsa-598DEBIANPatch Vendor Advisory
11753http://www.securityfocus.com/bid/11753BIDPatch Vendor Advisory
yardradius-processmenu-bo(18270)https://exchange.xforce.ibmcloud.com/vulnerabilities/18270XF