ID CVE-2004-0849
Summary Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:radius:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:radius:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:radius:1.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
idefense 20040915 GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability
mlist [Info-gnu-radius] 20040915 GNU Radius 1.2.94.
xf radius-asndecodestring-bo(17391)
Last major update 11-07-2017 - 01:30
Published 23-12-2004 - 05:00
Last modified 11-07-2017 - 01:30