CVE-2005-0108

Severity

50%

Complexity

99%

Confidentiality

48%

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 20 years ago

2005-01-11 05:00:00

Last updated 7 years ago

2017-07-11 01:32:00

Affected Software

Apache Software Foundation mod_auth_radius 1.5.4

1.5.4

References

20050111 Apache mod_auth_radius remote integer overflow

13773

14046

http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02

Exploit, Vendor Advisory

1012829

DSA-659

Exploit, Vendor Advisory

12217

modauthradius-dos(18841)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.