Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| icradius | icradius | 0.14 |

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lucent | radius | 2.1 |
| livingston | radius | 2.0 |
| miquel_van_smoorenburg_cistron | radius | 1.6.3 |
| yard_radius | yard_radius | 1.0.17 |
| gnu | radius | 0.93 |
| miquel_van_smoorenburg_cistron | radius | 1.6.4 |
| yard_radius_project | yard_radius | 1.0.16 |
| icradius | icradius | 0.17 |
| freeradius | freeradius | 0.3 |
| openradius | openradius | 0.9.3 |
| xtradius | xtradius | 1.1_pre1 |
| miquel_van_smoorenburg_cistron | radius | 1.6_.0 |
| livingston | radius | 2.1 |
| openradius | openradius | 0.9.1 |
| icradius | icradius | 0.14 |
| ascend | radius | 1.16 |
| gnu | radius | 0.92.1 |
| openradius | openradius | 0.9 |
| yard_radius | yard_radius | 1.0_pre13 |
| radiusclient | radiusclient | 0.3.1 |
| gnu | radius | 0.94 |
| yard_radius | yard_radius | 1.0_pre14 |
| icradius | icradius | 0.18.1 |
| livingston | radius | 2.0.1 |
| icradius | icradius | 0.15 |
| yard_radius | yard_radius | 1.0.18 |
| freeradius | freeradius | 0.2 |
| icradius | icradius | 0.17b |
| lucent | radius | 2.0.1 |
| icradius | icradius | 0.16 |
| icradius | icradius | 0.18 |
| miquel_van_smoorenburg_cistron | radius | 1.6.1 |
| gnu | radius | 0.95 |
| openradius | openradius | 0.8 |
| openradius | openradius | 0.9.2 |
| miquel_van_smoorenburg_cistron | radius | 1.6.5 |
| lucent | radius | 2.0 |
| yard_radius | yard_radius | 1.0_pre15 |
| miquel_van_smoorenburg_cistron | radius | 1.6.2 |
| yard_radius | yard_radius | 1.0.19 |

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lucent | radius | 2.1 |
| livingston | radius | 2.0 |
| miquel_van_smoorenburg_cistron | radius | 1.6.3 |
| yard_radius | yard_radius | 1.0.17 |
| gnu | radius | 0.93 |
| miquel_van_smoorenburg_cistron | radius | 1.6.4 |
| yard_radius_project | yard_radius | 1.0.16 |
| icradius | icradius | 0.17 |
| freeradius | freeradius | 0.3 |
| openradius | openradius | 0.9.3 |
| xtradius | xtradius | 1.1_pre1 |
| miquel_van_smoorenburg_cistron | radius | 1.6_.0 |
| livingston | radius | 2.1 |
| openradius | openradius | 0.9.1 |
| icradius | icradius | 0.14 |
| xtradius | xtradius | 1.1_pre2 |
| gnu | radius | 0.92.1 |
| openradius | openradius | 0.9 |
| yard_radius | yard_radius | 1.0_pre13 |
| radiusclient | radiusclient | 0.3.1 |
| gnu | radius | 0.94 |
| yard_radius | yard_radius | 1.0_pre14 |
| icradius | icradius | 0.18.1 |
| livingston | radius | 2.0.1 |
| icradius | icradius | 0.15 |
| yard_radius | yard_radius | 1.0.18 |
| freeradius | freeradius | 0.2 |
| icradius | icradius | 0.17b |
| lucent | radius | 2.0.1 |
| icradius | icradius | 0.16 |
| icradius | icradius | 0.18 |
| miquel_van_smoorenburg_cistron | radius | 1.6.1 |
| gnu | radius | 0.95 |
| openradius | openradius | 0.8 |
| openradius | openradius | 0.9.2 |
| miquel_van_smoorenburg_cistron | radius | 1.6.5 |
| lucent | radius | 2.0 |
| yard_radius | yard_radius | 1.0_pre15 |
| miquel_van_smoorenburg_cistron | radius | 1.6.2 |
| yard_radius | yard_radius | 1.0.19 |