What is the severity of CVE-2001-1377?

CVE-2001-1377 has been classified as a denial of service vulnerability which could potentially lead to system crashes.

How do I fix CVE-2001-1377?

To mitigate CVE-2001-1377, update your RADIUS implementation to a version that properly validates the Vendor-Length attribute.

Which RADIUS software is affected by CVE-2001-1377?

CVE-2001-1377 affects multiple RADIUS implementations including FreeRADIUS, Lucent RADIUS, and several versions of OpenRADIUS and Yard RADIUS.

Can CVE-2001-1377 be exploited remotely?

Yes, CVE-2001-1377 can be exploited remotely, allowing attackers to cause a denial of service by sending specially crafted requests.

What are the consequences of not addressing CVE-2001-1377?

Failing to address CVE-2001-1377 may result in service interruptions or crashes, affecting the availability of RADIUS services.

Vulnerability/
CVE-2001-1377

medium

CWE

NVD-CWE-Other

4/3/2002

11/6/2002

8/8/2024

CVE-2001-1377

First published: Mon Mar 04 2002(Updated: )

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
yard RADIUS	=1.0_pre15
Lucent RADIUS	=2.0
OpenRADIUS	=0.9
OpenRADIUS	=0.9.3
ICRadius	=0.14
GNU Radius	=0.93
ICRadius	=0.18
OpenRADIUS	=0.8
FreeRADIUS	=0.3
ICRadius	=0.15
Lucent RADIUS	=2.1
Cistron RADIUS	=1.6.4
GNU Radius	=0.95
ICRadius	=0.18.1
ICRadius	=1.1_pre1
Lucent RADIUS	=2.0.1
Livingston RADIUS	=2.0.1
ICRadius	=0.17
ICRadius	=0.16
ICRadius	=0.17b
GNU Radius	=0.94
Cistron RADIUS	=1.6_.0
yard RADIUS	=1.0.18
yard RADIUS	=1.0.17
Cistron RADIUS	=1.6.1
ICRadius	=1.1_pre2
GNU Radius	=0.92.1
Cistron RADIUS	=1.6.3
Livingston RADIUS	=2.1
Livingston RADIUS	=2.0
OpenRADIUS	=0.9.1
yard RADIUS	=1.0_pre13
radiusclient	=0.3.1
OpenRADIUS	=0.9.2
Cistron RADIUS	=1.6.2
FreeRADIUS	=0.2
yard RADIUS	=1.0_pre14
Cistron RADIUS	=1.6.5
yard RADIUS	=1.0.19
yard RADIUS	=1.0.16

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2001-1377?
CVE-2001-1377 has been classified as a denial of service vulnerability which could potentially lead to system crashes.
How do I fix CVE-2001-1377?
To mitigate CVE-2001-1377, update your RADIUS implementation to a version that properly validates the Vendor-Length attribute.
Which RADIUS software is affected by CVE-2001-1377?
CVE-2001-1377 affects multiple RADIUS implementations including FreeRADIUS, Lucent RADIUS, and several versions of OpenRADIUS and Yard RADIUS.
Can CVE-2001-1377 be exploited remotely?
Yes, CVE-2001-1377 can be exploited remotely, allowing attackers to cause a denial of service by sending specially crafted requests.
What are the consequences of not addressing CVE-2001-1377?
Failing to address CVE-2001-1377 may result in service interruptions or crashes, affecting the availability of RADIUS services.

agent/references
agent/type
agent/remedy
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/event
agent/source
agent/tags
collector/nvd-historical
vendor/yard radius
product/yard radius
canonical/yard radius yard radius
vendor/lucent
product/radius
canonical/lucent radius
vendor/openradius
product/openradius
canonical/openradius openradius
vendor/icradius
product/icradius
canonical/icradius icradius
vendor/gnu
canonical/gnu radius
vendor/freeradius
product/freeradius
canonical/freeradius freeradius
vendor/miquel van smoorenburg cistron
canonical/miquel van smoorenburg cistron radius
vendor/xtradius
product/xtradius
canonical/xtradius xtradius
vendor/livingston
canonical/livingston radius
vendor/radiusclient
product/radiusclient
canonical/radiusclient radiusclient
vendor/yard radius project
canonical/yard radius project yard radius
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
canonical/yard radius
version/yard radius/1.0_pre15
version/lucent radius/2.0
canonical/openradius
version/openradius/0.9
version/openradius/0.9.3
canonical/icradius
version/icradius/0.14
version/gnu radius/0.93
version/icradius/0.18
version/openradius/0.8
canonical/freeradius
version/freeradius/0.3
version/icradius/0.15
version/lucent radius/2.1
canonical/cistron radius
version/cistron radius/1.6.4
version/gnu radius/0.95
version/icradius/0.18.1
version/icradius/1.1_pre1
version/lucent radius/2.0.1
version/livingston radius/2.0.1
version/icradius/0.17
version/icradius/0.16
version/icradius/0.17b
version/gnu radius/0.94
version/cistron radius/1.6_.0
version/yard radius/1.0.18
version/yard radius/1.0.17
version/cistron radius/1.6.1
version/icradius/1.1_pre2
version/gnu radius/0.92.1
version/cistron radius/1.6.3
version/livingston radius/2.1
version/livingston radius/2.0
version/openradius/0.9.1
version/yard radius/1.0_pre13
canonical/radiusclient
version/radiusclient/0.3.1
version/openradius/0.9.2
version/cistron radius/1.6.2
version/freeradius/0.2
version/yard radius/1.0_pre14
version/cistron radius/1.6.5
version/yard radius/1.0.19
version/yard radius/1.0.16

CVE-2001-1377

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2001-1377?

How do I fix CVE-2001-1377?

Which RADIUS software is affected by CVE-2001-1377?

Can CVE-2001-1377 be exploited remotely?

What are the consequences of not addressing CVE-2001-1377?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2001-1377?

How do I fix CVE-2001-1377?

Which RADIUS software is affected by CVE-2001-1377?

Can CVE-2001-1377 be exploited remotely?

What are the consequences of not addressing CVE-2001-1377?