Vulnerability Note VU#277396

GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes

Overview

The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes.

I. Description

GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the rad_print_request() function processes a UDP packet containing Acct-Status-Type and Acct-Session-Id attributes that do not specify values.

II. Impact

An attacker who is able to send a UDP packet to the service could cause the Radius daemon (radiusd) to crash. No authentication is required to exploit this vulnerability. The Radius accounting service typically listens on 1813/udp or 1646/udp.

III. Solution

Upgrade

Upgrade to GNU Radius version 1.2.

Block or Restrict Access

Block or restrict access to Radius accounting services (typically 1813/udp or 1646/udp) from untrusted networks such as the Internet.

Systems Affected

Vendor	Status	Date Notified	Date Updated
GNU Radius	Vulnerable	5-Feb-2004

References

http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities
http://www.gnu.org/software/radius/radius.html
http://ftp.gnu.org/gnu/radius/
http://www.ietf.org/rfc/rfc2866.txt
http://mail.gnu.org/archive/html/bug-gnu-radius/2004-02/msg00001.html
http://mail.gnu.org/archive/html/bug-gnu-radius/2004-02/msg00002.html

Credit

This vulnerability was reported by iDEFENSE Labs.

This document was written by Damon Morda and Art Manion.

Other Information

Date Public:	2004-02-04
Date First Published:	2004-02-05
Date Last Updated:	2004-02-05
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	7.94
Document Revision:	15

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader