Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0108

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0108
Last Modified 05 Sep 2008 04:45:20
Published 11 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0108

Summary

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

Vulnerable Systems

Application

  • Apache Mod Auth Radius 1.5.4


References

XF - modauthradius-dos(18841)

DEBIAN - DSA-659

MISC - http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02

BUGTRAQ - 20050111 Apache mod_auth_radius remote integer overflow

BID - 12217

SECTRACK - 1012829

SECUNIA - 14046

SECUNIA - 13773


Last Updated: 27 May 2016 10:39:40