Signature Detail
Short Name |
RADIUS:TYPE-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
RADIUS |
Keywords |
FreeRADIUS Invalid Type Code DoS |
Release Date |
2004/11/03 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
RADIUS: FreeRADIUS Invalid Type Code DoS
This signature detects UDP packets containing invalid RADIUS attributes. Attackers can send a FreeRADIUS server invalid Type packets and cause the service to become unresponsive. FreeRADIUS versions 1.0.0 and earlier are affected.
Extended Description
Reportedly FreeRADIUS is affected by multiple remote denial of service vulnerabilities. These issues are due to a failure of the application to handle malformed packets. An attacker may leverage these issues to cause the affected server to crash, denying service to legitimate users.
Affected Products
- FreeRADIUS 0.2.0
- FreeRADIUS 0.3.0
- FreeRADIUS 0.4.0
- FreeRADIUS 0.5.0
- FreeRADIUS 0.8.0
- FreeRADIUS 0.8.1
- FreeRADIUS 0.9.0
- FreeRADIUS 0.9.1
- FreeRADIUS 0.9.2
- FreeRADIUS 0.9.3
- FreeRADIUS 1.0.0
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux ES 3
- Red Hat Fedora Core1
- Red Hat Fedora Core2
References
- BugTraq: 11222
- CVE: CVE-2004-0938
- URL: http://www.kb.cert.org/vuls/id/541574
- URL: http://www.freeradius.org/