Moderate

CVE-2001-1377 - Unspecified vulnerability in multiple products

Publication: 2002-03-04
Summary

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Freeradius Freeradius 0.2
  • Yard Radius Yard Radius 1.0_pre15
  • GNU Radius 0.92.1
  • GNU Radius 0.93
  • GNU Radius 0.94
  • GNU Radius 0.95
  • Icradius Icradius 0.14
  • Icradius Icradius 0.15
  • Icradius Icradius 0.16
  • Icradius Icradius 0.17
  • Icradius Icradius 0.17b
  • Icradius Icradius 0.18
  • Icradius Icradius 0.18.1
  • Livingston Radius 2.0
  • Livingston Radius 2.0.1
  • Livingston Radius 2.1
  • Lucent Radius 2.0
  • Lucent Radius 2.0.1
  • Lucent Radius 2.1
  • Miquel VAN Smoorenburg Cistron Radius 1.6.1
  • Freeradius Freeradius 0.3
  • Miquel VAN Smoorenburg Cistron Radius 1.6.3
  • Miquel VAN Smoorenburg Cistron Radius 1.6.4
  • Miquel VAN Smoorenburg Cistron Radius 1.6.5
  • Miquel VAN Smoorenburg Cistron Radius 1.6_.0
  • Openradius Openradius 0.8
  • Openradius Openradius 0.9
  • Openradius Openradius 0.9.1
  • Openradius Openradius 0.9.2
  • Openradius Openradius 0.9.3
  • Radiusclient Radiusclient 0.3.1
  • Xtradius Xtradius 1.1_pre1
  • Xtradius Xtradius 1.1_pre2
  • Yard Radius Yard Radius 1.0.16
  • Yard Radius Yard Radius 1.0.17
  • Yard Radius Yard Radius 1.0.18
  • Yard Radius Yard Radius 1.0.19
  • Yard Radius Yard Radius 1.0_pre13
  • Yard Radius Yard Radius 1.0_pre14
  • Miquel VAN Smoorenburg Cistron Radius 1.6.2