CVE-2001-1376: Buffer Overflow

First published: Mon Mar 04 2002(Updated: )

Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ascend RADIUS	=1.16
FreeRADIUS	=0.2
FreeRADIUS	=0.3
GNU Radius	=0.92.1
GNU Radius	=0.93
GNU Radius	=0.94
GNU Radius	=0.95
ICRadius	=0.14
ICRadius	=0.15
ICRadius	=0.16
ICRadius	=0.17
ICRadius	=0.17b
ICRadius	=0.18
ICRadius	=0.18.1
Livingston RADIUS	=2.0
Livingston RADIUS	=2.0.1
Livingston RADIUS	=2.1
Lucent RADIUS	=2.0
Lucent RADIUS	=2.0.1
Lucent RADIUS	=2.1
Cistron RADIUS	=1.6.1
Cistron RADIUS	=1.6.2
Cistron RADIUS	=1.6.3
Cistron RADIUS	=1.6.4
Cistron RADIUS	=1.6.5
Cistron RADIUS	=1.6_.0
OpenRADIUS	=0.8
OpenRADIUS	=0.9
OpenRADIUS	=0.9.1
OpenRADIUS	=0.9.2
OpenRADIUS	=0.9.3
radiusclient	=0.3.1
ICRadius	=1.1_pre1
yard RADIUS	=1.0.17
yard RADIUS	=1.0.18
yard RADIUS	=1.0.19
yard RADIUS	=1.0_pre13
yard RADIUS	=1.0_pre14
yard RADIUS	=1.0_pre15
yard RADIUS	=1.0.16

Remedy

http://www.cert.org/advisories/CA-2002-06.html

Remedy

http://www.securityfocus.com/bid/3530

Never miss a vulnerability like this again

Reference Links

agent/type
agent/remedy
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/yard radius
product/yard radius
canonical/yard radius yard radius
vendor/ascend
product/radius
canonical/ascend radius
vendor/lucent
canonical/lucent radius
vendor/openradius
product/openradius
canonical/openradius openradius
vendor/icradius
product/icradius
canonical/icradius icradius
vendor/gnu
canonical/gnu radius
vendor/freeradius
product/freeradius
canonical/freeradius freeradius
vendor/miquel van smoorenburg cistron
canonical/miquel van smoorenburg cistron radius
vendor/xtradius
product/xtradius
canonical/xtradius xtradius
vendor/livingston
canonical/livingston radius
vendor/radiusclient
product/radiusclient
canonical/radiusclient radiusclient
vendor/yard radius project
canonical/yard radius project yard radius
agent/softwarecombine
version/ascend radius/1.16
canonical/freeradius
version/freeradius/0.2
version/freeradius/0.3
version/gnu radius/0.92.1
version/gnu radius/0.93
version/gnu radius/0.94
version/gnu radius/0.95
canonical/icradius
version/icradius/0.14
version/icradius/0.15
version/icradius/0.16
version/icradius/0.17
version/icradius/0.17b
version/icradius/0.18
version/icradius/0.18.1
version/livingston radius/2.0
version/livingston radius/2.0.1
version/livingston radius/2.1
version/lucent radius/2.0
version/lucent radius/2.0.1
version/lucent radius/2.1
canonical/cistron radius
version/cistron radius/1.6.1
version/cistron radius/1.6.2
version/cistron radius/1.6.3
version/cistron radius/1.6.4
version/cistron radius/1.6.5
version/cistron radius/1.6_.0
canonical/openradius
version/openradius/0.8
version/openradius/0.9
version/openradius/0.9.1
version/openradius/0.9.2
version/openradius/0.9.3
canonical/radiusclient
version/radiusclient/0.3.1
version/icradius/1.1_pre1
canonical/yard radius
version/yard radius/1.0.17
version/yard radius/1.0.18
version/yard radius/1.0.19
version/yard radius/1.0_pre13
version/yard radius/1.0_pre14
version/yard radius/1.0_pre15
version/yard radius/1.0.16

CVE-2001-1376: Buffer Overflow

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact