Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the –enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Radius | Gnu | 0.92.1 (including) | 0.92.1 (including) |
| Radius | Gnu | 0.93 (including) | 0.93 (including) |
| Radius | Gnu | 0.94 (including) | 0.94 (including) |
| Radius | Gnu | 0.95 (including) | 0.95 (including) |
| Radius | Gnu | 0.96 (including) | 0.96 (including) |
| Radius | Gnu | 1.1 (including) | 1.1 (including) |
| Radius | Gnu | 1.2 (including) | 1.2 (including) |
References
- http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
- http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17391
- http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
- http://www.idefense.com/application/poi/display?id=141\u0026type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17391