MidnightBSD

Advisories for yard_radius

CVE-2001-1376 HIGH

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
yard_radius yard_radius 1.0.18
ascend radius 1.16
icradius icradius 0.18.1
livingston radius 2.0.1
miquel_van_smoorenburg_cistron radius 1.6.4
miquel_van_smoorenburg_cistron radius 1.6.3
yard_radius yard_radius 1.0_pre15
radiusclient radiusclient 0.3.1
livingston radius 2.1
yard_radius yard_radius 1.0.19
miquel_van_smoorenburg_cistron radius 1.6_.0
openradius openradius 0.9.1
xtradius xtradius 1.1_pre1
yard_radius yard_radius 1.0_pre14
yard_radius_project yard_radius 1.0.16
miquel_van_smoorenburg_cistron radius 1.6.5
icradius icradius 0.15
miquel_van_smoorenburg_cistron radius 1.6.2
gnu radius 0.92.1
icradius icradius 0.14
livingston radius 2.0
gnu radius 0.95
freeradius freeradius 0.2
openradius openradius 0.9
lucent radius 2.1
yard_radius yard_radius 1.0.17
miquel_van_smoorenburg_cistron radius 1.6.1
yard_radius yard_radius 1.0_pre13
freeradius freeradius 0.3
openradius openradius 0.9.3
icradius icradius 0.18
lucent radius 2.0
gnu radius 0.94
lucent radius 2.0.1
icradius icradius 0.17
icradius icradius 0.16
openradius openradius 0.9.2
gnu radius 0.93
openradius openradius 0.8
icradius icradius 0.17b

CVE-2001-1377 MEDIUM

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
yard_radius yard_radius 1.0.18
icradius icradius 0.18.1
livingston radius 2.0.1
miquel_van_smoorenburg_cistron radius 1.6.4
miquel_van_smoorenburg_cistron radius 1.6.3
yard_radius yard_radius 1.0_pre15
radiusclient radiusclient 0.3.1
livingston radius 2.1
yard_radius yard_radius 1.0.19
miquel_van_smoorenburg_cistron radius 1.6_.0
openradius openradius 0.9.1
xtradius xtradius 1.1_pre1
yard_radius yard_radius 1.0_pre14
yard_radius_project yard_radius 1.0.16
miquel_van_smoorenburg_cistron radius 1.6.5
xtradius xtradius 1.1_pre2
icradius icradius 0.15
miquel_van_smoorenburg_cistron radius 1.6.2
gnu radius 0.92.1
icradius icradius 0.14
livingston radius 2.0
gnu radius 0.95
freeradius freeradius 0.2
openradius openradius 0.9
lucent radius 2.1
yard_radius yard_radius 1.0.17
miquel_van_smoorenburg_cistron radius 1.6.1
yard_radius yard_radius 1.0_pre13
freeradius freeradius 0.3
openradius openradius 0.9.3
icradius icradius 0.18
lucent radius 2.0
gnu radius 0.94
lucent radius 2.0.1
icradius icradius 0.17
icradius icradius 0.16
openradius openradius 0.9.2
gnu radius 0.93
openradius openradius 0.8
icradius icradius 0.17b

CVE-2004-0987 HIGH

Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
yard_radius yard_radius 1.0.18
yard_radius yard_radius 1.0.17
yard_radius yard_radius 1.0_pre13
yard_radius yard_radius 1.0_pre15
yard_radius yard_radius 1.0.19
yard_radius yard_radius 1.0.20
yard_radius yard_radius 1.0_pre14
yard_radius_project yard_radius 1.0.16