Remote Denial of Service in GNU Radius Daemon
CVE-2004-0131
Currently unrated
Summary
The rad_print_request function within logger.c of GNU Radius daemon allows remote attackers to exploit a misconstructed UDP packet. By sending a packet that includes an Acct-Status-Type attribute without a value, and lacking an Acct-Session-Id attribute, attackers can trigger a null dereference, leading to a denial of service. This vulnerability impacts versions of the software prior to 1.2, rendering the service susceptible to crashes.
References
Timeline
Vulnerability published
Vulnerability Reserved