Bug 65031 (CVE-2005-0108)

Summary: VUL-0: CVE-2005-0108: apache-contrib: mod_auth_radius denial-of-service
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Peter Poeml <poeml>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: patch-request, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2005-0108: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: radius.diff

Description Thomas Biege 2005-01-20 22:29:32 UTC
Hi Peter, 
we received this through vendor-sec. 
 
To: Free Software Distribution Vendors <vendor-sec@lst.de> 
User-Agent: Mutt/1.5.6+20040907i 
Subject: [vendor-sec] CAN-2005-0108: Denial of service in 
mod_auth_radius and pam_radius_auth 
Errors-To: vendor-sec-admin@lst.de 
Date: Wed, 19 Jan 2005 08:29:42 +0100 
 
Leon Juranic discovered an integer underflow in the mod_auth_radius
module for Apache which is also present in libpam-radius-auth.
 
Apache mod_auth_radius 1.5.4 allows remote malicious RADIUS servers to 
cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a 
RADIUS attribute length of 1, which leads to a memcpy operation with a 
-1 length argument. 
 
Details: 
http://marc.theaimsgroup.com/?l=bugtraq&m=110548193312050&w=2 
 
This one is public already.  Patch attached. 
 
Regards, 
 
        Joey 
 
-- 
Ten years and still binary compatible.  -- XFree86 
 
--- libpam-radius-auth-1.3.14.orig/pam_radius_auth.c 
+++ libpam-radius-auth-1.3.14/pam_radius_auth.c 
[...]
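The bug class described in the report is a RADIUS attribute whose length octet is 1, so that the usual `length - 2` value-size computation wraps and reaches memcpy as -1. As an added example, not the module's code and not the attached radius.diff, the following C attribute walker shows the check a parser needs: the length field must be at least 2 (it counts the type and length octets themselves, per RFC 2865) and must not run past the end of the attribute region. The function names, the result enum and the sample byte strings are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RADIUS attribute type for Reply-Message (RFC 2865, section 5.18). */
#define RADIUS_ATTR_REPLY_MESSAGE 18

/* Result of walking the attribute region (names constructed for this example). */
enum radius_parse_result {
    RADIUS_OK = 0,
    RADIUS_ERR_SHORT_ATTR,  /* length octet < 2: len - 2 would wrap to -1 / SIZE_MAX */
    RADIUS_ERR_OVERRUN      /* length octet runs past the end of the buffer */
};

/* Copy the value of the first Reply-Message attribute into out (NUL-terminated).
 * attrs/attrs_len cover only the attribute region of a RADIUS packet, i.e. the
 * bytes after the 20-byte header. On success *out_len is the value length
 * (0 when the attribute is absent). out_cap must be at least 1. */
static enum radius_parse_result
radius_find_reply_message(const uint8_t *attrs, size_t attrs_len,
                          char *out, size_t out_cap, size_t *out_len)
{
    size_t pos = 0;
    *out_len = 0;
    out[0] = '\0';

    while (pos < attrs_len) {
        /* Every attribute starts with a 2-byte type/length header. */
        if (attrs_len - pos < 2)
            return RADIUS_ERR_OVERRUN;

        uint8_t type = attrs[pos];
        uint8_t len  = attrs[pos + 1];

        /* The length octet includes the type and length octets, so a valid
         * attribute has len >= 2. Rejecting 0 and 1 here is what prevents the
         * underflow in the later value-length computation. */
        if (len < 2)
            return RADIUS_ERR_SHORT_ATTR;
        /* The attribute must fit inside the buffer the caller gave us. */
        if ((size_t)len > attrs_len - pos)
            return RADIUS_ERR_OVERRUN;

        if (type == RADIUS_ATTR_REPLY_MESSAGE) {
            size_t value_len = (size_t)len - 2;      /* safe: len >= 2 */
            if (value_len >= out_cap)
                value_len = out_cap - 1;             /* truncate to caller's buffer */
            memcpy(out, attrs + pos + 2, value_len);
            out[value_len] = '\0';
            *out_len = value_len;
            return RADIUS_OK;
        }
        pos += len;
    }
    return RADIUS_OK;
}

/* Scratch state shared by the demo runs below. */
static char   g_reply[64];
static size_t g_reply_len;

static enum radius_parse_result run_demo(const uint8_t *attrs, size_t n)
{
    return radius_find_reply_message(attrs, n, g_reply, sizeof g_reply, &g_reply_len);
}

/* Text of the Reply-Message from the most recent demo run. */
const char *demo_reply_text(void) { return g_reply; }
size_t demo_reply_len(void) { return g_reply_len; }

/* Constructed sample: well-formed Reply-Message "ok" (type 18, length 4). */
enum radius_parse_result demo_good(void)
{
    static const uint8_t attrs[] = { 18, 4, 'o', 'k' };
    return run_demo(attrs, sizeof attrs);
}

/* Constructed sample: the malformed case from the report, a Reply-Message with
 * a length octet of 1. The walker must reject it before computing len - 2. */
enum radius_parse_result demo_short_length(void)
{
    static const uint8_t attrs[] = { 18, 1, 'x' };
    return run_demo(attrs, sizeof attrs);
}

/* Constructed sample: length octet claims 10 bytes but only 3 are present. */
enum radius_parse_result demo_overrun(void)
{
    static const uint8_t attrs[] = { 18, 10, 'a' };
    return run_demo(attrs, sizeof attrs);
}

/* Constructed sample: an unrelated attribute (type 1, length 3) precedes the
 * Reply-Message "hi"; the walker skips it and copies the right value. */
enum radius_parse_result demo_skip_other(void)
{
    static const uint8_t attrs[] = { 1, 3, 'u', 18, 4, 'h', 'i' };
    return run_demo(attrs, sizeof attrs);
}

int main(void)
{
    printf("good:   result=%d text=\"%s\"\n", demo_good(), demo_reply_text());
    printf("short:  result=%d\n", demo_short_length());
    printf("overrun:result=%d\n", demo_overrun());
    printf("skip:   result=%d text=\"%s\"\n", demo_skip_other(), demo_reply_text());
    return 0;
}
```

The two checks are ordered deliberately: `len < 2` is tested before any subtraction, and the overrun test compares against the remaining bytes rather than adding `pos + len` (which could itself wrap on a hostile length). A server that sends an attribute failing either check gets its reply discarded rather than crashing the client.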
Comment 1 Thomas Biege 2005-01-20 22:29:32 UTC
-
Comment 2 Thomas Biege 2005-01-20 22:33:23 UTC
Created attachment 27791 [details]
radius.diff
Comment 3 Peter Poeml 2005-01-21 00:41:18 UTC
We don't have that module as far as I can see.
Comment 4 Thomas Biege 2009-10-13 20:59:46 UTC
CVE-2005-0108: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)