CVE-2001-1377

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*
cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*
cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.14:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.15:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.16:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.17:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.17b:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.18:*:*:*:*:*:*:*
cpe:2.3:a:icradius:icradius:0.18.1:*:*:*:*:*:*:*
cpe:2.3:a:livingston:radius:2.0:*:*:*:*:*:*:*
cpe:2.3:a:livingston:radius:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:livingston:radius:2.1:*:*:*:*:*:*:*
cpe:2.3:a:lucent:radius:2.0:*:*:*:*:*:*:*
cpe:2.3:a:lucent:radius:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lucent:radius:2.1:*:*:*:*:*:*:*
cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*
cpe:2.3:a:openradius:openradius:0.8:*:*:*:*:*:*:*
cpe:2.3:a:openradius:openradius:0.9:*:*:*:*:*:*:*
cpe:2.3:a:openradius:openradius:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openradius:openradius:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:openradius:openradius:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*
cpe:2.3:a:xtradius:xtradius:1.1_pre2:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*
cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-03-04 05:00

Updated : 2023-12-10 10:17


NVD link : CVE-2001-1377

Mitre link : CVE-2001-1377

CVE.ORG link : CVE-2001-1377


JSON object : View

Products Affected

openradius

  • openradius

yard_radius

  • yard_radius

livingston

  • radius

lucent

  • radius

freeradius

  • freeradius

xtradius

  • xtradius

yard_radius_project

  • yard_radius

radiusclient

  • radiusclient

miquel_van_smoorenburg_cistron

  • radius

icradius

  • icradius

gnu

  • radius