Remote Denial of Service in GNU Radius Daemon
CVE-2004-0131

Currently unrated

Key Information:

Vendor: Gnu
Status: Radius
Vendor: CVE Published:; 3 March 2004

Summary

The rad_print_request function within logger.c of GNU Radius daemon allows remote attackers to exploit a misconstructed UDP packet. By sending a packet that includes an Acct-Status-Type attribute without a value, and lacking an Acct-Session-Id attribute, attackers can trigger a null dereference, leading to a denial of service. This vulnerability impacts versions of the software prior to 1.2, rendering the service susceptible to crashes.

References

http://www.idefense.com/application/poi/display?id=71&typ...

third-party-advisoryx_refsource_IDEFENSE

http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/277396

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Mar 3, 2004
Vulnerability Reserved
Feb 10, 2004