[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2003-0967Date: (C)2003-12-15   (M)2023-12-22


rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://marc.info/?l=bugtraq&m=106935911101493&w=2
http://marc.info/?l=bugtraq&m=106944220426970
RHSA-2003:386
http://marc.info/?l=freeradius-users&m=106947389449613&w=2
http://marc.theaimsgroup.com/?l=freeradius-users&m=106947389449613&w=2

CPE    1
cpe:/a:freeradius:freeradius:0.9.2
OVAL    3
oval:org.secpod.oval:def:500563
oval:org.secpod.oval:def:202166
oval:org.secpod.oval:def:202095

© SecPod Technologies