FreeBSD : gnu-radius -- SNMP-related denial-of-service (e6f0edd8-0b40-11d9-8a8a-000c41e2cdad)

Medium Nessus Plugin ID 19150


The remote FreeBSD host is missing a security-related update.


An iDEFENSE security advisory reports:

Remote exploitation of an input validation error in version 1.2 of GNU radiusd could allow a denial of service.

The vulnerability specifically exists within the asn_decode_string() function defined in snmplib/asn1.c. When a very large unsigned number is supplied, it is possible that an integer overflow will occur in the bounds-checking code. The daemon will then attempt to reference unallocated memory, resulting in an access violation that causes the process to terminate.


Update the affected package.

Plugin Details

Severity: Medium

ID: 19150

File Name: freebsd_pkg_e6f0edd80b4011d98a8a000c41e2cdad.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/07/13

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gnu-radius, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/09/20

Vulnerability Publication Date: 2004/09/15

Reference Information

CVE: CVE-2004-0849