FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0960

This CVE name corresponds to:

Entered Topic
2004-10-13 freeradius -- denial-of-service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0960
Phase Assigned(20041018)

Description

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

References

Source Reference
GENTOO GLSA-200409-29
CERT-VN VU#541574
BID 11222
OVAL oval:org.mitre.oval:def:11023
XF freeradius-dos(17440)