| Field | Value |
|---|---|
| VID | 23042 |
| Severity | 40 |
| Port | 1812 |
| Protocol | UDP |
| Class | RADIUS |

**Detailed Description**
The RADIUS server is running on the relevant system. RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that controls authentication, accounting, and access control in a networked, multi-user environment. It is used primarily for authentication and access-control management by wired Internet Service Providers (ISPs), for wireless 802.11 MAC address authentication, and by large corporations or educational institutions that manage large dial-in modem pools. The officially assigned port number for RADIUS is 1812/UDP. Several flaws affect various RADIUS servers, as follows:

1. Buffer overflow in the IC Radius package allows a remote attacker to cause a denial of service via a long user name.
2. Multiple buffer overflows in the RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
3. Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers injected into log messages.
4. Buffer overflow in the digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
5. Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

* Note: This check does not perform an actual test for these vulnerabilities; it relies solely on the presence of a RADIUS daemon on the remote server, so the result may be a false positive.
* References:
  * http://www.cert.org/advisories/CA-2002-06.html
  * http://www.security.nnov.ru/advisories/radius.asp
* Software Affected:
  * Ascend RADIUS versions 1.16 and prior
  * Cistron RADIUS versions 1.6.5 and prior
  * FreeRADIUS versions 0.3 and prior
  * GnuRADIUS versions 0.95 and prior
  * ICRADIUS versions 0.18.1 and prior
  * Livingston RADIUS versions 2.1 and earlier
  * Novell Border Manager
  * Open System Consultants Radiator 2.6 and prior
  * RADIUS (previously known as Lucent RADIUS) versions 2.1 and prior
  * RADIUSClient versions 0.3.1 and prior
  * Secure Computing Corp. SafeWord version 5.2 and SafeWord PremierAccess v3.0
  * Vircom VOP Radius 3.2 and prior
  * XTRADIUS 1.1-pre1 and prior
  * YARD RADIUS 1.0.19 and prior
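As an added illustration of flaw 5 (example code written for this entry, not code from the advisory or from any of the listed vendors), the following C attribute walker rejects a Vendor-Specific attribute whose sub-attribute Vendor-Length is below 2 or overruns the attribute, which is the validation the affected implementations lacked. The two sample packets are constructed here; the Vendor-Id 9 and the attribute contents are arbitrary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define RADIUS_HDR_LEN 20        /* Code, Identifier, Length, 16-byte Authenticator */
#define ATTR_VENDOR_SPECIFIC 26

/* Check one Vendor-Specific attribute's payload: a 4-byte Vendor-Id followed by
   vendor sub-attributes, each encoded as Vendor-Type, Vendor-Length, data. */
static bool vsa_valid(const uint8_t *val, size_t len)
{
    if (len < 4) return false;                  /* Vendor-Id must be present */
    for (size_t off = 4; off < len; ) {
        if (len - off < 2) return false;        /* need Vendor-Type and Vendor-Length */
        uint8_t vlen = val[off + 1];
        /* The check flaw 5 reports as missing: Vendor-Length counts its own two
           header bytes, so a value below 2 would never advance the walk. */
        if (vlen < 2 || vlen > len - off) return false;
        off += vlen;
    }
    return true;
}

/* Walk every attribute of a RADIUS packet, validating each length before trusting it.
   Returns the attribute count, or -1 if any length field is inconsistent. */
int radius_check_attrs(const uint8_t *pkt, size_t pktlen)
{
    if (pktlen < RADIUS_HDR_LEN) return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > pktlen) return -1;
    int count = 0;
    for (size_t off = RADIUS_HDR_LEN; off < declared; count++) {
        if (declared - off < 2) return -1;
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > declared - off) return -1;
        if (type == ATTR_VENDOR_SPECIFIC && !vsa_valid(pkt + off + 2, alen - 2)) return -1;
        off += alen;
    }
    return count;
}

/* Constructed sample: Access-Request with User-Name "bob" and a well-formed VSA
   (Vendor-Id 9, one sub-attribute with Vendor-Length 5). */
const uint8_t GOOD_PKT[] = { 1, 0, 0, 36, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    1, 5, 'b','o','b', 26, 11, 0,0,0,9, 1, 5, 'a','b','c' };
/* Same packet, but the sub-attribute claims Vendor-Length 1, as in flaw 5. */
const uint8_t BAD_PKT[] = { 1, 0, 0, 36, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    1, 5, 'b','o','b', 26, 11, 0,0,0,9, 1, 1, 'a','b','c' };
```

A server that performs this walk before dispatching attributes to handlers returns -1 for the malformed packet instead of looping or reading past the buffer.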
**Recommendation**

Make sure you are running the latest version of your RADIUS server. Contact your vendor for upgrade or patch information, or refer to CERT Advisory CA-2002-06 at http://www.cert.org/advisories/CA-2002-06.html

-- AND --

Filter incoming traffic from untrusted networks to this port (1812/UDP).
| Related URL | IDs |
|---|---|
| CVE | CVE-2001-1377, CVE-2001-1376, CVE-2001-1081, CVE-2001-0534, CVE-2000-0321 |
| SecurityFocus | 7892, 5103, 4230, 3530, 3529, 2994, 2989, 2991, 6261, 3532 |
| ISS | 8354 |