Vulnerability Note VU#277396

GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes

Overview

The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes.

I. Description

GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the rad_print_request() function processes a UDP packet containing Acct-Status-Type and Acct-Session-Id attributes that do not specify values.

II. Impact

An attacker who is able to send a UDP packet to the service could cause the Radius daemon (radiusd) to crash. No authentication is required to exploit this vulnerability. The Radius accounting service typically listens on 1813/udp or 1646/udp.

III. Solution

Upgrade

Upgrade to GNU Radius version 1.2.
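A defensive check for the malformed input described above, as an added example that is not part of the original note or of GNU Radius: it walks the attribute list of a UDP payload captured on the accounting port and reports Acct-Status-Type or Acct-Session-Id attributes that carry no value. It assumes the RFC 2865/2866 packet layout and attribute numbers (40 and 44), and it assumes that "do not specify values" means an attribute whose length field is 2; the sample payloads are constructed.

```python
import struct

ACCOUNTING_REQUEST = 4   # RADIUS packet code (RFC 2866)
WATCHED = {40: "Acct-Status-Type", 44: "Acct-Session-Id"}  # RFC 2866 attribute numbers
HEADER_LEN = 20          # code, identifier, length, 16-byte authenticator


def inspect_accounting_payload(payload: bytes) -> list:
    """Return findings for one UDP payload; an empty list means nothing flagged."""
    if len(payload) < HEADER_LEN:
        return ["packet shorter than the 20-byte RADIUS header"]
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if code != ACCOUNTING_REQUEST:
        return []  # not an Accounting-Request; out of scope for this check
    if length < HEADER_LEN or length > len(payload):
        return [f"header length {length} inconsistent with {len(payload)}-byte payload"]
    findings = []
    pos = HEADER_LEN
    while pos < length:
        if length - pos < 2:
            findings.append(f"truncated attribute header at offset {pos}")
            break
        attr_type, attr_len = payload[pos], payload[pos + 1]
        # The length field covers the 2-byte type/length header, so < 2 is invalid.
        if attr_len < 2 or pos + attr_len > length:
            findings.append(f"attribute {attr_type} at offset {pos} has invalid length {attr_len}")
            break
        # Assumption: "no value" in the advisory means a header-only attribute.
        if attr_type in WATCHED and attr_len == 2:
            findings.append(f"{WATCHED[attr_type]} present with no value")
        pos += attr_len
    return findings


# Constructed samples (not captured traffic); the authenticator is zeroed.
WELL_FORMED = bytes.fromhex(
    "04 01 0022" + "00" * 16 + "28 06 00000001" + "2c 08 303030304131"
)
NO_VALUES = bytes.fromhex("04 01 0018" + "00" * 16 + "28 02" + "2c 02")

if __name__ == "__main__":
    for name, pkt in (("well-formed", WELL_FORMED), ("no-values", NO_VALUES)):
        print(name, inspect_accounting_payload(pkt) or "ok")
```

The same check can run in a packet filter or IDS preprocessor in front of 1813/udp and 1646/udp on hosts that cannot yet be upgraded.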
References
This vulnerability was reported by iDEFENSE Labs. This document was written by Damon Morda and Art Manion.
If you have feedback, comments, or additional information about this vulnerability, please send us email.