Bug 65031 (CVE-2005-0108) - VUL-0: CVE-2005-0108: apache-contrib: mod_auth_radius denial-of-service
Status: RESOLVED INVALID
Alias: CVE-2005-0108
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Peter Poeml
QA Contact: Security Team bot
Whiteboard: CVE-2005-0108: CVSS v2 Base Score: 5....
Reported: 2005-01-20 22:29 UTC by Thomas Biege
Modified: 2021-10-27 11:53 UTC


Attachments
radius.diff (328 bytes, patch)
2005-01-20 22:33 UTC, Thomas Biege

Description Thomas Biege 2005-01-20 22:29:32 UTC
Hi Peter, 
we received this through vendor-sec. 
 
To: Free Software Distribution Vendors <vendor-sec@lst.de> 
User-Agent: Mutt/1.5.6+20040907i 
Subject: [vendor-sec] CAN-2005-0108: Denial of service in 
mod_auth_radius and pam_radius_auth 
Errors-To: vendor-sec-admin@lst.de 
Date: Wed, 19 Jan 2005 08:29:42 +0100 
 
Leon Juranic discovered an integer underflow in the mod_auth_radius 
module for Apache which is also present in libpam-radius-auth. 
 
Apache mod_auth_radius 1.5.4 allows remote malicious RADIUS servers to 
cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a 
RADIUS attribute length of 1, which leads to a memcpy operation with a 
-1 length argument. 
 
Details: 
http://marc.theaimsgroup.com/?l=bugtraq&m=110548193312050&w=2 
 
This one is public already.  Patch attached. 
 
Regards, 
 
        Joey 
 
-- 
Ten years and still binary compatible.  -- XFree86 
 
--- libpam-radius-auth-1.3.14.orig/pam_radius_auth.c 
+++ libpam-radius-auth-1.3.14/pam_radius_auth.c 
[...]
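
The length handling behind the advisory above, as an added example (not code from mod_auth_radius, pam_radius_auth or the attached patch): a RADIUS attribute's length octet counts its own two header octets (RFC 2865), so the value size is length minus 2 and has to be validated before it reaches memcpy. The function name, buffer layout and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ATTR_REPLY_MESSAGE 18   /* RFC 2865 Reply-Message */
#define ATTR_HDR_LEN       2    /* type octet + length octet */

/* Constructed sample attribute lists (type, length, value...). */
static const uint8_t sample_ok[]    = { 18, 4, 'h', 'i' };
static const uint8_t sample_len1[]  = { 18, 1 };            /* length below header size */
static const uint8_t sample_trunc[] = { 18, 9, 'h', 'i' };  /* length runs past buffer */
static const uint8_t sample_skip[]  = { 1, 3, 'u', 18, 5, 'a', 'b', 'c' };

/*
 * Copy the first Reply-Message value into out as a NUL-terminated string.
 * Returns the number of value bytes copied (0 if the attribute is absent
 * or its value is empty), or -1 if the list is malformed or out is too small.
 */
int copy_reply_message(const uint8_t *attrs, size_t attrs_len,
                       char *out, size_t out_cap)
{
    size_t off = 0;

    while (off < attrs_len) {
        if (attrs_len - off < ATTR_HDR_LEN)
            return -1;                      /* header itself is truncated */
        uint8_t type = attrs[off];
        uint8_t len  = attrs[off + 1];      /* counts the 2 header octets too */

        /* Without this check, len == 1 makes "len - 2" equal -1, which
         * becomes SIZE_MAX when converted to memcpy's size_t parameter. */
        if (len < ATTR_HDR_LEN || len > attrs_len - off)
            return -1;

        size_t value_len = (size_t)len - ATTR_HDR_LEN;
        if (type == ATTR_REPLY_MESSAGE) {
            if (value_len >= out_cap)
                return -1;                  /* no room for value plus NUL */
            memcpy(out, attrs + off + ATTR_HDR_LEN, value_len);
            out[value_len] = '\0';
            return (int)value_len;
        }
        off += len;                         /* len >= 2, so this always advances */
    }
    return 0;
}
```

The same lower bound also keeps the loop from stalling on a zero-length attribute, since every accepted attribute advances the offset by at least two octets.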
Comment 2 Thomas Biege 2005-01-20 22:33:23 UTC
Created attachment 27791
radius.diff
Comment 3 Peter Poeml 2005-01-21 00:41:18 UTC
We don't have that module as far as I can see.
Comment 4 Thomas Biege 2009-10-13 20:59:46 UTC
CVE-2005-0108: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)