CVE-2001-1377 — MEDIUM (5.0)

Vulnerability Description

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Freeradius	Freeradius	0.2
Gnu	Radius	0.92.1
Icradius	Icradius	0.14
Livingston	Radius	2.0
Lucent	Radius	2.0
Miquel Van Smoorenburg Cistron	Radius	1.6.1
Openradius	Openradius	0.8
Radiusclient	Radiusclient	0.3.1
Xtradius	Xtradius	1.1_pre1
Yard Radius	Yard Radius	1.0.17
Yard Radius Project	Yard Radius	1.0.16

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
http://marc.info/?l=bugtraq&m=101537153021792&w=2
http://www.cert.org/advisories/CA-2002-06.htmlPatchThird Party AdvisoryUS Government Resource
http://www.iss.net/security_center/static/8354.phpPatchVendor Advisory
http://www.kb.cert.org/vuls/id/936683PatchThird Party AdvisoryUS Government Resource
http://www.redhat.com/support/errata/RHSA-2002-030.html
http://www.securityfocus.com/bid/4230PatchVendor Advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
http://marc.info/?l=bugtraq&m=101537153021792&w=2
http://www.cert.org/advisories/CA-2002-06.htmlPatchThird Party AdvisoryUS Government Resource
http://www.iss.net/security_center/static/8354.phpPatchVendor Advisory

FAQ

What is CVE-2001-1377?

CVE-2001-1377 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that...

How severe is CVE-2001-1377?

CVE-2001-1377 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-1377?

Check the references section above for vendor advisories and patch information. Affected products include: Freeradius Freeradius, Gnu Radius, Icradius Icradius, Livingston Radius, Lucent Radius.