CVE-2004-0960 | Vulnerability Database | Aqua Security

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

Affected Software

Name	Vendor	Start Version	End Version
Freeradius	Freeradius	0.2 (including)	0.2 (including)
Freeradius	Freeradius	0.3 (including)	0.3 (including)
Freeradius	Freeradius	0.4 (including)	0.4 (including)
Freeradius	Freeradius	0.5 (including)	0.5 (including)
Freeradius	Freeradius	0.8 (including)	0.8 (including)
Freeradius	Freeradius	0.8.1 (including)	0.8.1 (including)
Freeradius	Freeradius	0.9 (including)	0.9 (including)
Freeradius	Freeradius	0.9.1 (including)	0.9.1 (including)
Freeradius	Freeradius	0.9.2 (including)	0.9.2 (including)
Freeradius	Freeradius	0.9.3 (including)	0.9.3 (including)
Freeradius	Freeradius	1.0.0 (including)	1.0.0 (including)
Red Hat Enterprise Linux 3	RedHat	freeradius-0:1.0.1-1.RHEL3	*

References

http://security.gentoo.org/glsa/glsa-200409-29.xml
http://www.kb.cert.org/vuls/id/541574
http://www.securityfocus.com/bid/11222
https://exchange.xforce.ibmcloud.com/vulnerabilities/17440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0960
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html