SecurityTracker.com
Category:   Application (Security)  >   mod_auth_radius
Vendors:   FreeRADIUS Server Project
Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
SecurityTracker Alert ID:  1012829
SecurityTracker URL:  http://securitytracker.com/id/1012829
CVE Reference:   CVE-2005-0108
Updated:  Jan 28 2005
Original Entry Date:  Jan 11 2005
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.5.7
Description:   An integer overflow vulnerability was reported in Apache mod_auth_radius. A remote user with the ability to monitor and spoof RADIUS packets can cause the target service to crash.

LSS reported that the software copies data based on a user-supplied 'length' value. A remote user who can both monitor and spoof RADIUS packets can send a specially crafted RADIUS_ACCESS_CHALLENGE to trigger the integer overflow.

The vulnerability resides in 'mod_auth_radius.c' in the radcpy() function.
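
A defensive sketch of the length validation this class of flaw calls for, added here as an example; it is not code from mod_auth_radius or from the LSS advisory. It assumes the RFC 2865 attribute layout (one type byte, one length byte that counts both header bytes, then the value); `rad_attr_copy`, `rad_attr_find` and the sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAD_ATTR_HDR 2 /* RFC 2865: type byte + length byte; length counts both */

/* Hypothetical helper, not mod_auth_radius code. Copies one attribute value
 * from untrusted bytes into dst as a NUL-terminated string. attr points at
 * the type byte; avail is the number of bytes left in the packet. */
int rad_attr_copy(char *dst, size_t dst_size, const uint8_t *attr, size_t avail)
{
    if (!dst || !attr || dst_size == 0 || avail < RAD_ATTR_HDR)
        return -1;
    size_t attr_len = attr[1];
    /* Below 2, attr_len - 2 wraps to a huge size_t; above avail, it overreads. */
    if (attr_len < RAD_ATTR_HDR || attr_len > avail)
        return -1;
    size_t val_len = attr_len - RAD_ATTR_HDR;
    if (val_len >= dst_size)      /* keep room for the terminator */
        return -1;
    memcpy(dst, attr + RAD_ATTR_HDR, val_len);
    dst[val_len] = '\0';
    return (int)val_len;          /* at most 253, fits in int */
}

/* Hypothetical helper: first attribute of `type`, or NULL if absent or malformed. */
const uint8_t *rad_attr_find(const uint8_t *p, size_t len, uint8_t type)
{
    while (len >= RAD_ATTR_HDR) {
        if (p[1] < RAD_ATTR_HDR || p[1] > len)
            return NULL;          /* length cannot be trusted: stop walking */
        if (p[0] == type)
            return p;
        len -= p[1];
        p += p[1];
    }
    return NULL;
}

/* Constructed sample attribute lists (not captured traffic). */
static const uint8_t good_list[] = {1, 5, 'b', 'o', 'b', 18, 7, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t bad_list[]  = {18, 1};

int main(void)
{
    char buf[16];
    const uint8_t *a = rad_attr_find(good_list, sizeof good_list, 18);
    printf("%d\n", rad_attr_copy(buf, sizeof buf, a, (size_t)(good_list + sizeof good_list - a)));
    return 0;
}
```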

Leon Juranic is credited with discovering this flaw.

The original advisory is available at:

http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02

Impact:   A remote user can cause the target service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.freeradius.org/mod_auth_radius/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 28 2005 (Debian Issues Fix) Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
Debian has released a fix.




Copyright 2019, SecurityGlobal.net LLC