Vulnerability Name: CVE-2001-1377 (CCN-8354)

Assigned: 2001-12-18
Published: 2001-12-18
Updated: 2018-10-30
Summary: Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: FreeBSD Security Notice FreeBSD-SN-02:02
security issues in ports

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SN-02:02

Source: SUSE
Type: UNKNOWN
SuSE-SA:2002:013

Source: MITRE
Type: CNA
CVE-2001-1377

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:466
radiusd-cistron

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:466

Source: BUGTRAQ
Type: UNKNOWN
20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations

Source: CCN
Type: RHSA-2002-030
Updated radiusd-cistron packages are available

Source: CCN
Type: CERT Advisory CA-2002-06
Vulnerabilities in Various Implementations of the RADIUS Protocol

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2002-06

Source: XF
Type: Patch, Vendor Advisory
radius-vendor-attribute-dos(8354)

Source: CCN
Type: US-CERT VU#936683
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#936683

Source: CCN
Type: OSVDB ID: 7324
Multiple RADIUS Implementation Vendor-Specific Attribute DoS

Source: CCN
Type: Cistron RADIUS Web site
Cistron RADIUS server, version 1.6.6

Source: REDHAT
Type: UNKNOWN
RHSA-2002:030

Source: CCN
Type: SECURITY.NNOV Advisory - December, 18 2001
Vulnerabilities in multiple RADIUS clients and servers

Source: BID
Type: Patch, Vendor Advisory
4230

Source: CCN
Type: BID-4230
Multiple Vendor Radius Short Vendor-Length Field Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
radius-vendor-attribute-dos(8354)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.94:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.14:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.15:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.16:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.17:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.17b:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.18:*:*:*:*:*:*:*
  • OR cpe:/a:icradius:icradius:0.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:livingston:radius:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:livingston:radius:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:livingston:radius:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:lucent:radius:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:lucent:radius:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:lucent:radius:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*
  • OR cpe:/a:openradius:openradius:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:openradius:openradius:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:openradius:openradius:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openradius:openradius:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:openradius:openradius:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:xtradius:xtradius:1.1_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.94:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:radius:0.95:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:linux_powertools:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable