J-Security Center

Title: Multiple Vendor RADIUS Digest Calculation Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

A vulnerability has been discovered in multiple RADIUS implementations. This issue may potentially allow a remote attacker to cause a denial of service, or in some cases may lead to the execution of arbitrary attacker-supplied instructions.

Affected products contain a buffer overflow error in a function used to calculate a message digest. This is due to insufficient bounds checking on a string that is concatenated with shared secret data.

Successful exploitation will most likely result in a denial of service.

If the shared secret is known to the attacker, this condition may be exploited to execute arbitrary attacker-supplied instructions with the privileges of the RADIUS server or client (in most cases, root privileges).

It has been reported that in some cases, it may be possible for a remote attacker to execute arbitrary instructions without having knowledge of the shared secret. This is allegedly the case with the GNU Radius and Cistron Radius implementations.
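
As an added illustration that is not code from any of the listed implementations, the following C shows the missing check the description refers to: the packet's Length field is validated against the RFC 2865 bounds and the number of bytes actually received before the packet and the shared secret are concatenated into the digest scratch buffer, and the copy is refused when the two would not fit. The scratch-buffer size, the function names and the sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed scratch buffer the digest routine concatenates into (size constructed
 * for this example; the affected servers used their own sizes). */
#define DIGEST_SCRATCH 256
/* RFC 2865 bounds on the RADIUS Length field, in octets. */
#define RADIUS_HDR_LEN 20
#define RADIUS_MAX_LEN 4096

/* Read the 16-bit Length field (octets 2-3) and reject a value shorter than a
 * header, longer than the protocol allows, or longer than what actually
 * arrived on the wire. Returns the trusted length, or 0 to refuse. */
size_t radius_checked_len(const uint8_t *pkt, size_t received)
{
    if (pkt == NULL || received < RADIUS_HDR_LEN)
        return 0;
    size_t len = ((size_t)pkt[2] << 8) | pkt[3];
    if (len < RADIUS_HDR_LEN || len > RADIUS_MAX_LEN || len > received)
        return 0;
    return len;
}

/* Assemble "packet || shared secret", the input to the response/accounting
 * digest. The unchecked pattern copied pkt_len bytes and then the secret into
 * a fixed buffer, so an oversized Length field or a long secret ran past its
 * end; here the copy is refused (not truncated) when it would not fit. */
size_t build_digest_input(const uint8_t *pkt, size_t received,
                          const char *secret, uint8_t *out, size_t out_cap)
{
    size_t pkt_len = radius_checked_len(pkt, received);
    if (pkt_len == 0 || secret == NULL)
        return 0;
    size_t secret_len = strlen(secret);
    /* Subtractive comparison: cannot wrap even if secret_len were enormous. */
    if (secret_len > out_cap || pkt_len > out_cap - secret_len)
        return 0;
    memcpy(out, pkt, pkt_len);
    memcpy(out + pkt_len, secret, secret_len);
    return pkt_len + secret_len;
}

/* Constructed samples: a well-formed 32-octet Accounting-Request (code 4, id 1,
 * Length 0x0020) and a 300-octet one (Length 0x012C) that is legal on the wire
 * but will not fit the 256-byte scratch buffer with the secret appended. */
static const uint8_t sample_pkt[32]  = { 4, 1, 0x00, 0x20 };
static const uint8_t large_pkt[300]  = { 4, 2, 0x01, 0x2C };
static uint8_t scratch[DIGEST_SCRATCH];
```

Because the refusal happens before any byte is copied, a datagram whose Length field exceeds the scratch buffer, or exceeds what was received, is dropped rather than hashed.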

Affected Products:

  • Ascend RADIUS 1.16.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • FreeRADIUS FreeRADIUS 0.2.0
  • FreeRADIUS FreeRADIUS 0.3.0
  • GNU Radius 0.92.1
  • GNU Radius 0.93.0
  • GNU Radius 0.94.0
  • GNU Radius 0.95.0
  • ICRadius ICRADIUS 0.14.0
  • ICRadius ICRADIUS 0.15.0
  • ICRadius ICRADIUS 0.16.0
  • ICRadius ICRADIUS 0.17.0
  • ICRadius ICRADIUS 0.17.0b
  • ICRadius ICRADIUS 0.18.0
  • ICRadius ICRADIUS 0.18.1
  • Livingston RADIUS 2.0.0
  • Livingston RADIUS 2.0.1
  • Livingston RADIUS 2.1.0
  • Lucent RADIUS 2.0.0
  • Lucent RADIUS 2.0.0 1
  • Lucent RADIUS 2.1.0
  • Miquel van Smoorenburg Cistron Radius 1.6.0 .0
  • Miquel van Smoorenburg Cistron Radius 1.6.1
  • Miquel van Smoorenburg Cistron Radius 1.6.2
  • Miquel van Smoorenburg Cistron Radius 1.6.3
  • Miquel van Smoorenburg Cistron Radius 1.6.4
  • Miquel van Smoorenburg Cistron Radius 1.6.5
  • OpenRADIUS OpenRADIUS 0.8.0
  • OpenRADIUS OpenRADIUS 0.9.0
  • OpenRADIUS OpenRADIUS 0.9.1
  • OpenRADIUS OpenRADIUS 0.9.2
  • OpenRADIUS OpenRADIUS 0.9.3
  • RADIUSClient RADIUSClient 0.3.1
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 i386
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.0.0 alpha
  • S.u.S.E. Linux 7.0.0 i386
  • S.u.S.E. Linux 7.0.0 ppc
  • S.u.S.E. Linux 7.0.0 sparc
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • XTRadius XTRadius 1.1.0-pre1
  • Yard RADIUS Yard RADIUS 1.0.0 pre13
  • Yard RADIUS Yard RADIUS 1.0.0 pre14
  • Yard RADIUS Yard RADIUS 1.0.0 pre15
  • Yard RADIUS Yard RADIUS 1.0.16
  • Yard RADIUS Yard RADIUS 1.0.17
  • Yard RADIUS Yard RADIUS 1.0.18
  • Yard RADIUS Yard RADIUS 1.0.19
