{"vuid":"VU#277396","idnumber":"277396","name":"GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes","keywords":["GNU","Remote Authentication Dial In User Service","Radius","DoS","denial of service","UDP packet","Acct-Status-Type attribute","rad_print_request()","logger.c"],"overview":"The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes.","clean_desc":"GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the rad_print_request() function processes a UDP packet containing Acct-Status-Type and Acct-Session-Id attributes that do not specify values.","impact":"An attacker who is able to send a UDP packet to the service could cause the Radius daemon (radiusd) to crash. No authentication is required to exploit this vulnerability. The Radius accounting service typically listens on 1813/udp or 1646/udp.","resolution":"Upgrade\nUpgrade to GNU Radius version 1.2.","workarounds":"Block or Restrict Access Block or restrict access to Radius accounting services (typically 1813/udp or 1646/udp) from untrusted networks such as the Internet.","sysaffected":"","thanks":"This vulnerability was reported by iDEFENSE Labs.","author":"This document was written by Damon Morda and Art Manion.","public":["http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities","http://www.gnu.org/software/radius/radius.html","http://ftp.gnu.org/gnu/radius/","http://www.ietf.org/rfc/rfc2866.txt","http://mail.gnu.org/archive/html/bug-gnu-radius/2004-02/msg00001.html","http://mail.gnu.org/archive/html/bug-gnu-radius/2004-02/msg00002.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-02-05T14:12:46Z","publicdate":"2004-02-04T00:00:00Z","datefirstpublished":"2004-02-05T15:25:45Z","dateupdated":"2004-02-05T21:05:31Z","revision":17,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"10","cam_impact":"7","cam_easeofexploitation":"14","cam_attackeraccessrequired":"16","cam_scorecurrent":"7.938","cam_scorecurrentwidelyknown":"9.408","cam_scorecurrentwidelyknownexploited":"15.288","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.938,"vulnote":null}