CVE-2001-1376
CVSS7.5
发布时间 :2002-03-04 00:00:00
修订时间 :2016-11-28 14:06:17
NMCOS    

[原文]Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.


[CNNVD]Cistron RADIUS 摘要算法缓冲区溢出漏洞(CNNVD-200203-002)

        CVE(CAN) ID: CAN-2001-1376
        
        
        
        Cistron是一种流行的RADIUS认证服务器实现。它在一个计算消息摘要的函数中存在一个缓冲
        
        区溢出问题。虽然据信这个漏洞不能被用来执行任意指令,但它可能会导致段错误,从而使服
        
        务器程序崩溃,造成远程拒绝服务攻击。
        
        
        
        其他基于Cistron源程序的服务器程序也可能有此漏洞。
        
        
        
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:openradius:openradius:0.9.2
cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6_.0
cpe:/a:openradius:openradius:0.9.1
cpe:/a:radiusclient:radiusclient:0.3.1
cpe:/a:yard_radius:yard_radius:1.0_pre15
cpe:/a:yard_radius:yard_radius:1.0_pre14
cpe:/a:ascend:radius:1.16
cpe:/a:yard_radius:yard_radius:1.0_pre13
cpe:/a:livingston:radius:2.0.1
cpe:/a:openradius:openradius:0.9
cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.1
cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.2
cpe:/a:yard_radius:yard_radius:1.0.18
cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.3
cpe:/a:yard_radius:yard_radius:1.0.17
cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.4
cpe:/a:icradius:icradius:0.16
cpe:/a:openradius:openradius:0.8
cpe:/a:openradius:openradius:0.9.3
cpe:/a:yard_radius:yard_radius:1.0.19
cpe:/a:yard_radius:yard_radius:1.0.16
cpe:/a:xtradius:xtradius:1.1_pre1
cpe:/a:icradius:icradius:0.18
cpe:/a:icradius:icradius:0.17
cpe:/a:gnu:radius:0.93GNU Radius 0.93
cpe:/a:icradius:icradius:0.15
cpe:/a:icradius:icradius:0.14
cpe:/a:gnu:radius:0.95GNU Radius 0.95
cpe:/a:gnu:radius:0.94GNU Radius 0.94
cpe:/a:lucent:radius:2.0Lucent RADIUS 2.0
cpe:/a:freeradius:freeradius:0.2FreeRADIUS 0.2
cpe:/a:lucent:radius:2.1Lucent RADIUS 2.1
cpe:/a:freeradius:freeradius:0.3FreeRADIUS 0.3
cpe:/a:miquel_van_smoorenburg_cistron:radius:1.6.5
cpe:/a:gnu:radius:0.92.1GNU Radius 0.92.1
cpe:/a:icradius:icradius:0.18.1
cpe:/a:icradius:icradius:0.17b
cpe:/a:lucent:radius:2.0.1Lucent RADIUS 2.0.1
cpe:/a:livingston:radius:2.0
cpe:/a:livingston:radius:2.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1376
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1376
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-002
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
(UNKNOWN)  SUSE  SuSE-SA:2002:013
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
(UNKNOWN)  CONECTIVA  CLA-2002:466
http://marc.info/?l=bugtraq&m=101537153021792&w=2
(UNKNOWN)  BUGTRAQ  20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations
http://online.securityfocus.com/archive/1/239784
(VENDOR_ADVISORY)  BUGTRAQ  20011113 More problems with RADIUS (protocol and implementations)
http://www.cert.org/advisories/CA-2002-06.html
(VENDOR_ADVISORY)  CERT  CA-2002-06
http://www.kb.cert.org/vuls/id/589523
(UNKNOWN)  CERT-VN  VU#589523
http://www.redhat.com/support/errata/RHSA-2002-030.html
(UNKNOWN)  REDHAT  RHSA-2002:030
http://www.securityfocus.com/bid/3530
(VENDOR_ADVISORY)  BID  3530
http://xforce.iss.net/xforce/xfdb/7534
(UNKNOWN)  XF  radius-message-digest-bo(7534)

- 漏洞信息

Cistron RADIUS 摘要算法缓冲区溢出漏洞
高危 边界条件错误
2002-03-04 00:00:00 2005-10-20 00:00:00
远程  
        CVE(CAN) ID: CAN-2001-1376
        
        
        
        Cistron是一种流行的RADIUS认证服务器实现。它在一个计算消息摘要的函数中存在一个缓冲
        
        区溢出问题。虽然据信这个漏洞不能被用来执行任意指令,但它可能会导致段错误,从而使服
        
        务器程序崩溃,造成远程拒绝服务攻击。
        
        
        
        其他基于Cistron源程序的服务器程序也可能有此漏洞。
        
        
        
        

- 公告与补丁

        厂商补丁:
        
        
        
        厂商宣布将在11月14日的1.6.5版中修复这个漏洞。我们建议使用此软件的用户从厂商的主页获
        
        取最新版本:
        
        
        http://www.radius.cistron.nl/

        

- 漏洞信息

7325
Multiple RADIUS Implementation Digest Calculation Function Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

- 时间线

2001-11-13 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Multiple Vendor RADIUS Digest Calculation Buffer Overflow Vulnerability
Boundary Condition Error 3530
Yes No
2001-11-13 12:00:00 2009-07-11 09:06:00
This issue was initially reported by 3APA3A <3APA3A@SECURITY.NNOV.RU>.

- 受影响的程序版本

Yard RADIUS Yard RADIUS 1.0.19
Yard RADIUS Yard RADIUS 1.0.18
Yard RADIUS Yard RADIUS 1.0.17
Yard RADIUS Yard RADIUS 1.0.16
Yard RADIUS Yard RADIUS 1.0 pre15
Yard RADIUS Yard RADIUS 1.0 pre14
Yard RADIUS Yard RADIUS 1.0 pre13
XTRadius XTRadius 1.1 -pre1
RADIUSClient RADIUSClient 0.3.1
OpenRADIUS OpenRADIUS 0.9.3
OpenRADIUS OpenRADIUS 0.9.2
OpenRADIUS OpenRADIUS 0.9.1
OpenRADIUS OpenRADIUS 0.9
OpenRADIUS OpenRADIUS 0.8
Miquel van Smoorenburg Cistron Radius 1.6.5
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
Miquel van Smoorenburg Cistron Radius 1.6.4
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
Miquel van Smoorenburg Cistron Radius 1.6.3
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
Miquel van Smoorenburg Cistron Radius 1.6.2
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
Miquel van Smoorenburg Cistron Radius 1.6.1
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
Miquel van Smoorenburg Cistron Radius 1.6 .0
Lucent RADIUS 2.1
Lucent RADIUS 2.0 1
Lucent RADIUS 2.0
Livingston RADIUS 2.1
Livingston RADIUS 2.0.1
Livingston RADIUS 2.0
ICRadius ICRADIUS 0.18.1
ICRadius ICRADIUS 0.18
ICRadius ICRADIUS 0.17 b
ICRadius ICRADIUS 0.17
ICRadius ICRADIUS 0.16
ICRadius ICRADIUS 0.15
ICRadius ICRADIUS 0.14
- Larry Wall Perl 5.0 05
- Larry Wall Perl 5.0 05
- Larry Wall Perl 5.0 05
- MySQL AB MySQL 3.23.10
GNU Radius 0.95
GNU Radius 0.94
GNU Radius 0.93
GNU Radius 0.92.1
FreeRADIUS FreeRADIUS 0.3
FreeRADIUS FreeRADIUS 0.3
FreeRADIUS FreeRADIUS 0.2
Ascend RADIUS 1.16
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
Yard RADIUS Yard RADIUS 1.0.20
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
XTRadius XTRadius 1.2.1 beta
XTRadius XTRadius 1.1 -pre2
RADIUSClient RADIUSClient 0.3.2
OpenRADIUS OpenRADIUS 0.9.4
Miquel van Smoorenburg Cistron Radius 1.6.6
+ Conectiva Linux 9.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
+ S.u.S.E. Linux 8.0
Miquel van Smoorenburg Cistron Radius 1.6.5
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
GNU Radius 0.96
FreeRADIUS FreeRADIUS 0.5
FreeRADIUS FreeRADIUS 0.4
Cisco Secure ACS for Windows NT 3.0
Cisco Secure ACS for Unix 2.3

- 不受影响的程序版本

Yard RADIUS Yard RADIUS 1.0.20
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
XTRadius XTRadius 1.2.1 beta
XTRadius XTRadius 1.1 -pre2
RADIUSClient RADIUSClient 0.3.2
OpenRADIUS OpenRADIUS 0.9.4
Miquel van Smoorenburg Cistron Radius 1.6.6
+ Conectiva Linux 9.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
+ S.u.S.E. Linux 8.0
Miquel van Smoorenburg Cistron Radius 1.6.5
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
GNU Radius 0.96
FreeRADIUS FreeRADIUS 0.5
FreeRADIUS FreeRADIUS 0.4
Cisco Secure ACS for Windows NT 3.0
Cisco Secure ACS for Unix 2.3

- 漏洞讨论

A vulnerability has been discovered in multiple RADIUS implementations.

Affected products contain a buffer overflow error in a function used to calculate a message digest. This is due to insufficient bounds checking on a string that is concatenated with shared secret data.

Successful exploitation will most likely result in a denial of service.

If the shared secret is known to the attacker, this condition may potentially be exploited to execute arbitrary attacker-supplied instructions with the privileges of the RADIUS server or client(in most cases root privileges).

It has been reported that in some cases, it may be possible for a remote attacker to execute arbitrary instructions without having knowledge of the shared secret. This is allegedly the case with the GNU Radius and Cistron Radius implementations.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

A number of vendors have made upgrades available.


FreeRADIUS FreeRADIUS 0.2

FreeRADIUS FreeRADIUS 0.3

FreeRADIUS FreeRADIUS 0.3

RADIUSClient RADIUSClient 0.3.1

OpenRADIUS OpenRADIUS 0.8

OpenRADIUS OpenRADIUS 0.9

OpenRADIUS OpenRADIUS 0.9.1

OpenRADIUS OpenRADIUS 0.9.2

OpenRADIUS OpenRADIUS 0.9.3

GNU Radius 0.92.1

GNU Radius 0.93

GNU Radius 0.94

GNU Radius 0.95

Yard RADIUS Yard RADIUS 1.0 pre14

Yard RADIUS Yard RADIUS 1.0 pre15

Yard RADIUS Yard RADIUS 1.0 pre13

Yard RADIUS Yard RADIUS 1.0.16

Yard RADIUS Yard RADIUS 1.0.17

Yard RADIUS Yard RADIUS 1.0.18

Yard RADIUS Yard RADIUS 1.0.19

XTRadius XTRadius 1.1 -pre1

Miquel van Smoorenburg Cistron Radius 1.6 .0

Miquel van Smoorenburg Cistron Radius 1.6.1

Miquel van Smoorenburg Cistron Radius 1.6.2

Miquel van Smoorenburg Cistron Radius 1.6.3

Miquel van Smoorenburg Cistron Radius 1.6.4

Miquel van Smoorenburg Cistron Radius 1.6.5

Lucent RADIUS 2.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站