Overview
The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes.
Description
GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the rad_print_request() function processes a UDP packet containing Acct-Status-Type and Acct-Session-Id attributes that do not specify values. |
Impact
An attacker who is able to send a UDP packet to the service could cause the Radius daemon (radiusd) to crash. No authentication is required to exploit this vulnerability. The Radius accounting service typically listens on 1813/udp or 1646/udp. |
Solution
Upgrade Upgrade to GNU Radius version 1.2. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities
- http://www.gnu.org/software/radius/radius.html
- http://ftp.gnu.org/gnu/radius/
- http://www.ietf.org/rfc/rfc2866.txt
- http://mail.gnu.org/archive/html/bug-gnu-radius/2004-02/msg00001.html
- http://mail.gnu.org/archive/html/bug-gnu-radius/2004-02/msg00002.html
Acknowledgements
This vulnerability was reported by iDEFENSE Labs.
This document was written by Damon Morda and Art Manion.
Other Information
| CVE IDs: | None |
| Severity Metric: | 7.94 |
| Date Public: | 2004-02-04 |
| Date First Published: | 2004-02-05 |
| Date Last Updated: | 2004-02-05 21:05 UTC |
| Document Revision: | 17 |