CVE-2001-1377

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
http://marc.info/?l=bugtraq&m=101537153021792&w=2
http://www.cert.org/advisories/CA-2002-06.html	Patch Third Party Advisory US Government Resource
http://www.iss.net/security_center/static/8354.php	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/936683	Patch Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2002-030.html
http://www.securityfocus.com/bid/4230	Patch Vendor Advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
http://marc.info/?l=bugtraq&m=101537153021792&w=2
http://www.cert.org/advisories/CA-2002-06.html	Patch Third Party Advisory US Government Resource
http://www.iss.net/security_center/static/8354.php	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/936683	Patch Third Party Advisory US Government Resource
http://www.redhat.com/support/errata/RHSA-2002-030.html
http://www.securityfocus.com/bid/4230	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:freeradius:freeradius:0.2:::::::*
	cpe:2.3:a:freeradius:freeradius:0.3:::::::*
	cpe:2.3:a:gnu:radius:0.92.1:::::::*
	cpe:2.3:a:gnu:radius:0.93:::::::*
	cpe:2.3:a:gnu:radius:0.94:::::::*
	cpe:2.3:a:gnu:radius:0.95:::::::*
	cpe:2.3:a:icradius:icradius:0.14:::::::*
	cpe:2.3:a:icradius:icradius:0.15:::::::*
	cpe:2.3:a:icradius:icradius:0.16:::::::*
	cpe:2.3:a:icradius:icradius:0.17:::::::*
	cpe:2.3:a:icradius:icradius:0.17b:::::::*
	cpe:2.3:a:icradius:icradius:0.18:::::::*
	cpe:2.3:a:icradius:icradius:0.18.1:::::::*
	cpe:2.3:a:livingston:radius:2.0:::::::*
	cpe:2.3:a:livingston:radius:2.0.1:::::::*
	cpe:2.3:a:livingston:radius:2.1:::::::*
	cpe:2.3:a:lucent:radius:2.0:::::::*
	cpe:2.3:a:lucent:radius:2.0.1:::::::*
	cpe:2.3:a:lucent:radius:2.1:::::::*
	cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:::::::*
	cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:::::::*
	cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:::::::*
	cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:::::::*
	cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:::::::*
	cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:::::::*
	cpe:2.3:a:openradius:openradius:0.8:::::::*
	cpe:2.3:a:openradius:openradius:0.9:::::::*
	cpe:2.3:a:openradius:openradius:0.9.1:::::::*
	cpe:2.3:a:openradius:openradius:0.9.2:::::::*
	cpe:2.3:a:openradius:openradius:0.9.3:::::::*
	cpe:2.3:a:radiusclient:radiusclient:0.3.1:::::::*
	cpe:2.3:a:xtradius:xtradius:1.1_pre1:::::::*
	cpe:2.3:a:xtradius:xtradius:1.1_pre2:::::::*
	cpe:2.3:a:yard_radius:yard_radius:1.0.17:::::::*
	cpe:2.3:a:yard_radius:yard_radius:1.0.18:::::::*
	cpe:2.3:a:yard_radius:yard_radius:1.0.19:::::::*
	cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:::::::*
	cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:::::::*
	cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:::::::*
	cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:::::::*

History

20 Nov 2024, 23:37

Type	Values Removed	Values Added
References	~~() ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc -~~	() ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc -
References	~~() http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html -~~	() http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html -
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 -
References	~~() http://marc.info/?l=bugtraq&m=101537153021792&w=2 -~~	() http://marc.info/?l=bugtraq&m=101537153021792&w=2 -
References	~~() http://www.cert.org/advisories/CA-2002-06.html - Patch, Third Party Advisory, US Government Resource~~	() http://www.cert.org/advisories/CA-2002-06.html - Patch, Third Party Advisory, US Government Resource
References	~~() http://www.iss.net/security_center/static/8354.php - Patch, Vendor Advisory~~	() http://www.iss.net/security_center/static/8354.php - Patch, Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/936683 - Patch, Third Party Advisory, US Government Resource~~	() http://www.kb.cert.org/vuls/id/936683 - Patch, Third Party Advisory, US Government Resource
References	~~() http://www.redhat.com/support/errata/RHSA-2002-030.html -~~	() http://www.redhat.com/support/errata/RHSA-2002-030.html -
References	~~() http://www.securityfocus.com/bid/4230 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/4230 - Patch, Vendor Advisory

Information

Published : 2002-03-04 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-1377

Mitre link : CVE-2001-1377

CVE.ORG link : CVE-2001-1377

JSON object : View

Products Affected

gnu

radius

yard_radius_project

yard_radius

radiusclient

radiusclient

freeradius

freeradius

openradius

openradius

livingston

radius

miquel_van_smoorenburg_cistron

radius

yard_radius

yard_radius

xtradius

xtradius

icradius

icradius

lucent

radius

CWE

NVD-CWE-Other

{"id": "CVE-2001-1377", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-03-04T05:00:00.000", "references": [{"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=101537153021792&w=2", "source": "cve@mitre.org"}, {"url": "http://www.cert.org/advisories/CA-2002-06.html", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/8354.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/936683", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4230", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=101537153021792&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cert.org/advisories/CA-2002-06.html", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.iss.net/security_center/static/8354.php", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/936683", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/4230", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AEDD86F-92B9-43EC-80E3-54010E249FC6"}, {"criteria": "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFDB110B-4057-4BA4-993A-9DA14888A093"}, {"criteria": "cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5B0DFDC-913E-4358-9BF1-6AA1F871CB4B"}, {"criteria": "cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F332DA97-B327-45E0-8948-18C2C7278757"}, {"criteria": "cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67632403-328E-4149-B0EC-2B563DDD7FD8"}, {"criteria": "cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F6945F8-EB40-4205-9585-3BF9A132406E"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A28A174-45A4-4886-8C87-2D475F9ABF18"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A949E3FF-5360-4FC1-95E5-AB5080156D77"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D000F534-1BF0-40A8-BD2B-9EBAF71D6FA3"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15253C62-0FCC-4699-9CC5-486F23CDD1E7"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.17b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01B8A1D-A4EC-4B92-A9EC-BECB35185ECC"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10DD81E4-732C-4F23-80A7-987FCC0511D3"}, {"criteria": "cpe:2.3:a:icradius:icradius:0.18.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28A5F502-7DA3-44E2-AEFB-6D1FD7121F7C"}, {"criteria": "cpe:2.3:a:livingston:radius:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C2894BE-AE8B-491C-A776-5D2821D4DFB4"}, {"criteria": "cpe:2.3:a:livingston:radius:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92CD1A39-33F6-47C3-8899-286C07C9C219"}, {"criteria": "cpe:2.3:a:livingston:radius:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3133364-7726-4BFA-A552-03533F762161"}, {"criteria": "cpe:2.3:a:lucent:radius:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96927B69-BA71-460B-8A59-CF3FC93C9661"}, {"criteria": "cpe:2.3:a:lucent:radius:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056AD200-84E8-4B99-863F-C1D61A6B4C7F"}, {"criteria": "cpe:2.3:a:lucent:radius:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FCE2BA9-35E0-410A-B9CC-C77C9D95338E"}, {"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4999A95F-9124-4585-B78C-34B8CDA87250"}, {"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28DC815B-6648-4C3A-A66C-264EE6903CE7"}, {"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "627CD710-183C-433B-9CC6-804C8A726FE4"}, {"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA442BB3-4DAE-402C-8F3C-DFCA4C3EE63A"}, {"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE605C8B-316E-4C04-B5D1-97A0E2719DBB"}, {"criteria": "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13CF26C7-90DB-46FB-AE08-936FF7C324F9"}, {"criteria": "cpe:2.3:a:openradius:openradius:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15B965F5-E32D-4824-9A4B-0A2507CD167E"}, {"criteria": "cpe:2.3:a:openradius:openradius:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C211927E-DE7F-450F-918B-DC3EAF6C5743"}, {"criteria": "cpe:2.3:a:openradius:openradius:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A74F1BA-3E1A-4073-A290-C086B6388F75"}, {"criteria": "cpe:2.3:a:openradius:openradius:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDDB28FF-D0B4-45A4-A2E7-C56B4D660204"}, {"criteria": "cpe:2.3:a:openradius:openradius:0.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5263133F-0C92-4C16-B933-71AEAE9C33BC"}, {"criteria": "cpe:2.3:a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE414B4-5E23-4DE9-AD86-8FE51CCE723B"}, {"criteria": "cpe:2.3:a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6713B65-D941-4DCE-AA63-FE0B408E575B"}, {"criteria": "cpe:2.3:a:xtradius:xtradius:1.1_pre2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B671B4-7B26-4F43-A477-1EE7F1E74245"}, {"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7326E7C2-F310-4820-A36D-C7045E6ED721"}, {"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C37D50E1-E8E1-4D07-93D2-D8DEE13872D9"}, {"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "792AB6F5-0916-482B-A868-BC41B7A6EFE1"}, {"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4A295E4-7D6D-4906-84D4-BB80AF58422E"}, {"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A1FEC14-198C-46D1-8F96-9D91B9733A55"}, {"criteria": "cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB2830F3-FB3A-4833-9027-B4933BA813ED"}, {"criteria": "cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95CC863F-9448-4692-AB9C-BA218D2313CF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10