Lucene search

[email protected]CVE-2001-1377

HistoryJun 11, 2002 - 4:00 a.m.

CVE-2001-1377

2002-06-1104:00:00

[email protected]

web.nvd.nist.gov

cve-2001-1377

radius implementations

vendor-length

remote attacks

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Affected configurations

NVD

Node

freeradiusfreeradiusMatch0.2

freeradiusfreeradiusMatch0.3

gnuradiusMatch0.92.1

gnuradiusMatch0.93

gnuradiusMatch0.94

gnuradiusMatch0.95

icradiusicradiusMatch0.14

icradiusicradiusMatch0.15

icradiusicradiusMatch0.16

icradiusicradiusMatch0.17

icradiusicradiusMatch0.17b

icradiusicradiusMatch0.18

icradiusicradiusMatch0.18.1

livingstonradiusMatch2.0

livingstonradiusMatch2.0.1

livingstonradiusMatch2.1

lucentradiusMatch2.0

lucentradiusMatch2.0.1

lucentradiusMatch2.1

miquel_van_smoorenburg_cistronradiusMatch1.6.1

miquel_van_smoorenburg_cistronradiusMatch1.6.2

miquel_van_smoorenburg_cistronradiusMatch1.6.3

miquel_van_smoorenburg_cistronradiusMatch1.6.4

miquel_van_smoorenburg_cistronradiusMatch1.6.5

miquel_van_smoorenburg_cistronradiusMatch1.6_.0

openradiusopenradiusMatch0.8

openradiusopenradiusMatch0.9

openradiusopenradiusMatch0.9.1

openradiusopenradiusMatch0.9.2

openradiusopenradiusMatch0.9.3

radiusclientradiusclientMatch0.3.1

xtradiusxtradiusMatch1.1_pre1

xtradiusxtradiusMatch1.1_pre2

yard_radiusyard_radiusMatch1.0.17

yard_radiusyard_radiusMatch1.0.18

yard_radiusyard_radiusMatch1.0.19

yard_radiusyard_radiusMatch1.0_pre13

yard_radiusyard_radiusMatch1.0_pre14

yard_radiusyard_radiusMatch1.0_pre15

yard_radius_projectyard_radiusMatch1.0.16

CPENameOperatorVersion
freeradius:freeradiusfreeradiuseq0.2
freeradius:freeradiusfreeradiuseq0.3
gnu:radiusgnu radiuseq0.92.1
gnu:radiusgnu radiuseq0.93
gnu:radiusgnu radiuseq0.94
gnu:radiusgnu radiuseq0.95
icradius:icradiusicradiuseq0.14
icradius:icradiusicradiuseq0.15
icradius:icradiusicradiuseq0.16
icradius:icradiusicradiuseq0.17

CPE	Name	Operator	Version
freeradius:freeradius	freeradius	eq	0.2
freeradius:freeradius	freeradius	eq	0.3
gnu:radius	gnu radius	eq	0.92.1
gnu:radius	gnu radius	eq	0.93
gnu:radius	gnu radius	eq	0.94
gnu:radius	gnu radius	eq	0.95
icradius:icradius	icradius	eq	0.14
icradius:icradius	icradius	eq	0.15
icradius:icradius	icradius	eq	0.16
icradius:icradius	icradius	eq	0.17

Rows per page:

1-10 of 401

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc

archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466

marc.info/?l=bugtraq&m=101537153021792&w=2

www.cert.org/advisories/CA-2002-06.html

www.iss.net/security_center/static/8354.php

www.kb.cert.org/vuls/id/936683

www.redhat.com/support/errata/RHSA-2002-030.html

www.securityfocus.com/bid/4230

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2001-1377

cvelist1 cert1 nvd1 suse1