Vulnerability Note VU#277396

GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes

Original Release date: 05 Feb 2004 | Last revised: 05 Feb 2004

Overview

The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes.

Description

GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the rad_print_request() function processes a UDP packet containing Acct-Status-Type and Acct-Session-Id attributes that do not specify values.

Impact

An attacker who is able to send a UDP packet to the service could cause the Radius daemon (radiusd) to crash. No authentication is required to exploit this vulnerability. The Radius accounting service typically listens on 1813/udp or 1646/udp.

Solution

Upgrade

Upgrade to GNU Radius version 1.2.


Block or Restrict Access

Block or restrict access to Radius accounting services (typically 1813/udp or 1646/udp) from untrusted networks such as the Internet.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
GNU RadiusAffected05 Feb 200405 Feb 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by iDEFENSE Labs.

This document was written by Damon Morda and Art Manion.

Other Information

  • CVE IDs: Unknown
  • Date Public: 04 Feb 2004
  • Date First Published: 05 Feb 2004
  • Date Last Updated: 05 Feb 2004
  • Severity Metric: 7.94
  • Document Revision: 15

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.