CVSS: 10.0 | EPSS: 31% | CPEs: 2 | EXPL: 0

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=443
• http://secunia.com/advisories/23087
• http://security.gentoo.org/glsa/glsa-200612-17.xml
• http://securitytracker.com/id?1017285
• http://www.securityfocus.com/bid/21303
• http://www.vupen.com/english/advisories/2006/4712
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30508

CVSS: 5.0 | EPSS: 0% | CPEs: 7 | EXPL: 0

Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.

• http://lists.gnu.org/archive/html/info-gnu-radius/2004-09/msg00000.html
• http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17391

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.

• http://marc.info/?l=full-disclosure&m=108785242716726&w=2
• http://www.idefense.com/application/poi/display?id=110&type=vulnerabilities
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16466

CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 0

The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.

• http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz
• http://secunia.com/advisories/10799
• http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true
• http://www.kb.cert.org/vuls/id/277396
• http://www.osvdb.org/3824
• http://www.securityfocus.com/bid/9578
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15046

CVSS: 5.0 | EPSS: 0% | CPEs: 40 | EXPL: 0

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

• ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
• http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
• http://marc.info/?l=bugtraq&m=101537153021792&w=2
• http://www.cert.org/advisories/CA-2002-06.html
• http://www.iss.net/security_center/static/8354.php
• http://www.kb.cert.org/vuls/id/936683
• http://www.redhat.com/support/errata/RHSA-2002-030.html
• http://www&#