CVE-2004-0960Freeradius vulnerability

8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
2.6%
top 14.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreeradiusRedhat Enterprise LinuxRedhat Fedora Core
Timeline
PublishedFeb 9
Latest updateApr 29

Description

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianfreeradius/freeradius< 1.0.1+3
NVDredhat/fedora_corecore_2.0
NVDfreeradius/freeradius11 versions+10

Also affects: Enterprise Linux 3.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-xw3g-88p6-48wm: FreeRADIUS before 12022-04-29
OSV
CVE-2004-0960: FreeRADIUS before 12005-02-09
CVEList
CVE-2004-0960: FreeRADIUS before 12004-10-20

📋Vendor Advisories

2
Red Hat
security flaw2004-09-20
Debian
CVE-2004-0960: freeradius - FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (co...2004

💬Community

2
Bugzilla
CVE-2004-0960 security flaw2018-08-16
Bugzilla
CAN-2004-0938 Freeradius < 1.0.1 DoS and remote crash (CAN-2004-0960, CAN-2004-0961)2004-10-15
CVE-2004-0960 — Freeradius vulnerability | cvebase