GNU.SNMP.RADIUS.DoS

description-logoDescription

Remote exploitation of a denial of service condition within GNU Radius
allows attackers to crash the service.
The problem specifically exists in the code for handling SNMP messages.
By supplying a malformed packet containing an invalid OID, such as -1,
it is possible to cause the server to shut down, preventing further
requests from being handled. The Radius server must have been compiled
with the '-enable-snmp' option in order to be vulnerable.

affected-products-logoAffected Products

GNU Radius 1.1

Impact logoImpact

Denial of Services

recomended-action-logoRecommended Actions

This issue has been fixed in GNU Radius version 1.2.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-09-26 13.458