CVE-2001-1376: Buffer Overflow
First published: Mon Mar 04 2002(Updated: )
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| yard RADIUS | =1.0_pre15 | |
| Ascend Cascadeview Ux | =1.16 | |
| Lucent RADIUS | =2.0 | |
| Openr Opentmpfiles | =0.9 | |
| Openr Opentmpfiles | =0.9.3 | |
| ICRadius | =0.14 | |
| GNU Radius | =0.93 | |
| ICRadius | =0.18 | |
| Openr Opentmpfiles | =0.8 | |
| FreeRADIUS | =0.3 | |
| ICRadius | =0.15 | |
| Lucent RADIUS | =2.1 | |
| Cistron RADIUS | =1.6.4 | |
| GNU Radius | =0.95 | |
| ICRadius | =0.18.1 | |
| Avalon Ltd Maxtrade | =1.1_pre1 | |
| Lucent RADIUS | =2.0.1 | |
| Livingston RADIUS | =2.0.1 | |
| ICRadius | =0.17 | |
| ICRadius | =0.16 | |
| ICRadius | =0.17b | |
| GNU Radius | =0.94 | |
| Cistron RADIUS | =1.6_.0 | |
| yard RADIUS | =1.0.18 | |
| yard RADIUS | =1.0.17 | |
| Cistron RADIUS | =1.6.1 | |
| GNU Radius | =0.92.1 | |
| Cistron RADIUS | =1.6.3 | |
| Livingston RADIUS | =2.1 | |
| Livingston RADIUS | =2.0 | |
| Openr Opentmpfiles | =0.9.1 | |
| yard RADIUS | =1.0_pre13 | |
| Smsclient | =0.3.1 | |
| Openr Opentmpfiles | =0.9.2 | |
| Cistron RADIUS | =1.6.2 | |
| FreeRADIUS | =0.2 | |
| yard RADIUS | =1.0_pre14 | |
| Cistron RADIUS | =1.6.5 | |
| yard RADIUS | =1.0.19 | |
| yard RADIUS | =1.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://online.securityfocus.com/archive/1/239784
- http://www.cert.org/advisories/CA-2002-06.html
- http://www.securityfocus.com/bid/3530
- http://www.kb.cert.org/vuls/id/589523
- http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
- http://www.redhat.com/support/errata/RHSA-2002-030.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
- http://marc.info/?l=bugtraq&m=101537153021792&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7534
Frequently Asked Questions
What is the severity of CVE-2001-1376?
CVE-2001-1376 has been classified as a high severity vulnerability due to its potential to cause a denial of service and possible remote code execution.
How do I fix CVE-2001-1376?
To fix CVE-2001-1376, upgrade your RADIUS implementation to a version that is not affected by this vulnerability.
What types of software are affected by CVE-2001-1376?
CVE-2001-1376 affects multiple RADIUS implementations, including Ascend RADIUS, FreeRADIUS, and GNU Radius among others.
Can CVE-2001-1376 be exploited remotely?
Yes, CVE-2001-1376 can be exploited remotely by attackers through specially crafted shared secret data.
What is the impact of CVE-2001-1376 on system security?
The impact of CVE-2001-1376 includes denial of service, which can disrupt service availability, and potential arbitrary code execution, compromising system security.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/yard radius
- product/yard radius
- canonical/yard radius yard radius
- vendor/ascend
- product/radius
- canonical/ascend radius
- vendor/lucent
- canonical/lucent radius
- vendor/openradius
- product/openradius
- canonical/openradius openradius
- vendor/icradius
- product/icradius
- canonical/icradius icradius
- vendor/gnu
- canonical/gnu radius
- vendor/freeradius
- product/freeradius
- canonical/freeradius freeradius
- vendor/miquel van smoorenburg cistron
- canonical/miquel van smoorenburg cistron radius
- vendor/xtradius
- product/xtradius
- canonical/xtradius xtradius
- vendor/livingston
- canonical/livingston radius
- vendor/radiusclient
- product/radiusclient
- canonical/radiusclient radiusclient
- vendor/yard radius project
- canonical/yard radius project yard radius
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/yard radius
- version/yard radius/1.0_pre15
- canonical/ascend cascadeview ux
- version/ascend cascadeview ux/1.16
- version/lucent radius/2.0
- canonical/openr opentmpfiles
- version/openr opentmpfiles/0.9
- version/openr opentmpfiles/0.9.3
- canonical/icradius
- version/icradius/0.14
- version/gnu radius/0.93
- version/icradius/0.18
- version/openr opentmpfiles/0.8
- canonical/freeradius
- version/freeradius/0.3
- version/icradius/0.15
- version/lucent radius/2.1
- canonical/cistron radius
- version/cistron radius/1.6.4
- version/gnu radius/0.95
- version/icradius/0.18.1
- canonical/avalon ltd maxtrade
- version/avalon ltd maxtrade/1.1_pre1
- version/lucent radius/2.0.1
- version/livingston radius/2.0.1
- version/icradius/0.17
- version/icradius/0.16
- version/icradius/0.17b
- version/gnu radius/0.94
- version/cistron radius/1.6_.0
- version/yard radius/1.0.18
- version/yard radius/1.0.17
- version/cistron radius/1.6.1
- version/gnu radius/0.92.1
- version/cistron radius/1.6.3
- version/livingston radius/2.1
- version/livingston radius/2.0
- version/openr opentmpfiles/0.9.1
- version/yard radius/1.0_pre13
- canonical/smsclient
- version/smsclient/0.3.1
- version/openr opentmpfiles/0.9.2
- version/cistron radius/1.6.2
- version/freeradius/0.2
- version/yard radius/1.0_pre14
- version/cistron radius/1.6.5
- version/yard radius/1.0.19
- version/yard radius/1.0.16