CVE-2001-1377
First published: Mon Mar 04 2002(Updated: )
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| yard RADIUS | =1.0_pre15 | |
| Lucent RADIUS | =2.0 | |
| Openr Opentmpfiles | =0.9 | |
| Openr Opentmpfiles | =0.9.3 | |
| ICRadius | =0.14 | |
| GNU Radius | =0.93 | |
| ICRadius | =0.18 | |
| Openr Opentmpfiles | =0.8 | |
| FreeRADIUS | =0.3 | |
| ICRadius | =0.15 | |
| Lucent RADIUS | =2.1 | |
| Cistron RADIUS | =1.6.4 | |
| GNU Radius | =0.95 | |
| ICRadius | =0.18.1 | |
| Avalon Ltd Maxtrade | =1.1_pre1 | |
| Lucent RADIUS | =2.0.1 | |
| Livingston RADIUS | =2.0.1 | |
| ICRadius | =0.17 | |
| ICRadius | =0.16 | |
| ICRadius | =0.17b | |
| GNU Radius | =0.94 | |
| Cistron RADIUS | =1.6_.0 | |
| yard RADIUS | =1.0.18 | |
| yard RADIUS | =1.0.17 | |
| Cistron RADIUS | =1.6.1 | |
| Avalon Ltd Maxtrade | =1.1_pre2 | |
| GNU Radius | =0.92.1 | |
| Cistron RADIUS | =1.6.3 | |
| Livingston RADIUS | =2.1 | |
| Livingston RADIUS | =2.0 | |
| Openr Opentmpfiles | =0.9.1 | |
| yard RADIUS | =1.0_pre13 | |
| Smsclient | =0.3.1 | |
| Openr Opentmpfiles | =0.9.2 | |
| Cistron RADIUS | =1.6.2 | |
| FreeRADIUS | =0.2 | |
| yard RADIUS | =1.0_pre14 | |
| Cistron RADIUS | =1.6.5 | |
| yard RADIUS | =1.0.19 | |
| yard RADIUS | =1.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/936683
- http://www.cert.org/advisories/CA-2002-06.html
- http://www.iss.net/security_center/static/8354.php
- http://www.securityfocus.com/bid/4230
- http://www.redhat.com/support/errata/RHSA-2002-030.html
- http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
- http://marc.info/?l=bugtraq&m=101537153021792&w=2
Frequently Asked Questions
What is the severity of CVE-2001-1377?
CVE-2001-1377 has been classified as a denial of service vulnerability which could potentially lead to system crashes.
How do I fix CVE-2001-1377?
To mitigate CVE-2001-1377, update your RADIUS implementation to a version that properly validates the Vendor-Length attribute.
Which RADIUS software is affected by CVE-2001-1377?
CVE-2001-1377 affects multiple RADIUS implementations including FreeRADIUS, Lucent RADIUS, and several versions of OpenRADIUS and Yard RADIUS.
Can CVE-2001-1377 be exploited remotely?
Yes, CVE-2001-1377 can be exploited remotely, allowing attackers to cause a denial of service by sending specially crafted requests.
What are the consequences of not addressing CVE-2001-1377?
Failing to address CVE-2001-1377 may result in service interruptions or crashes, affecting the availability of RADIUS services.
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/yard radius
- product/yard radius
- canonical/yard radius yard radius
- vendor/lucent
- product/radius
- canonical/lucent radius
- vendor/openradius
- product/openradius
- canonical/openradius openradius
- vendor/icradius
- product/icradius
- canonical/icradius icradius
- vendor/gnu
- canonical/gnu radius
- vendor/freeradius
- product/freeradius
- canonical/freeradius freeradius
- vendor/miquel van smoorenburg cistron
- canonical/miquel van smoorenburg cistron radius
- vendor/xtradius
- product/xtradius
- canonical/xtradius xtradius
- vendor/livingston
- canonical/livingston radius
- vendor/radiusclient
- product/radiusclient
- canonical/radiusclient radiusclient
- vendor/yard radius project
- canonical/yard radius project yard radius
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/yard radius
- version/yard radius/1.0_pre15
- version/lucent radius/2.0
- canonical/openr opentmpfiles
- version/openr opentmpfiles/0.9
- version/openr opentmpfiles/0.9.3
- canonical/icradius
- version/icradius/0.14
- version/gnu radius/0.93
- version/icradius/0.18
- version/openr opentmpfiles/0.8
- canonical/freeradius
- version/freeradius/0.3
- version/icradius/0.15
- version/lucent radius/2.1
- canonical/cistron radius
- version/cistron radius/1.6.4
- version/gnu radius/0.95
- version/icradius/0.18.1
- canonical/avalon ltd maxtrade
- version/avalon ltd maxtrade/1.1_pre1
- version/lucent radius/2.0.1
- version/livingston radius/2.0.1
- version/icradius/0.17
- version/icradius/0.16
- version/icradius/0.17b
- version/gnu radius/0.94
- version/cistron radius/1.6_.0
- version/yard radius/1.0.18
- version/yard radius/1.0.17
- version/cistron radius/1.6.1
- version/avalon ltd maxtrade/1.1_pre2
- version/gnu radius/0.92.1
- version/cistron radius/1.6.3
- version/livingston radius/2.1
- version/livingston radius/2.0
- version/openr opentmpfiles/0.9.1
- version/yard radius/1.0_pre13
- canonical/smsclient
- version/smsclient/0.3.1
- version/openr opentmpfiles/0.9.2
- version/cistron radius/1.6.2
- version/freeradius/0.2
- version/yard radius/1.0_pre14
- version/cistron radius/1.6.5
- version/yard radius/1.0.19
- version/yard radius/1.0.16