IEA Software RadiusNT and RadiusX和Radius test client 拒绝服务漏洞

漏洞ID	1114518	漏洞类型	数字错误
发布时间	2008-02-08	更新时间	2008-12-01
CVE编号	CVE-2008-5284	CNNVD-ID	CNNVD-200811-447
漏洞平台	Multiple	CVSS评分	10.0

|漏洞来源

https://www.exploit-db.com/exploits/31128
https://www.securityfocus.com/bid/27701
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200811-447

|漏洞详情

IEASoftwareRadiusNTandRadiusX是一款著名的Radius认证服务器程序。IEASoftwareRadiusNTandRadiusX和Radiustestclient(又称Radlogin)4.0.20及其早期版本中的网络服务器,远程攻击者借助一个为负值的HTTPContent-Length页眉，造成拒绝服务(崩溃)。该页眉可以通过一个NULL结束符来触发一个单一字节的内存重写。

|漏洞EXP

source: http://www.securityfocus.com/bid/27701/info

Multiple IEA Software products are prone to a denial-of-service vulnerability.

Successfully exploiting this issue will allow attackers to crash the affected application, denying service to legitimate users.

This issue affects the following applications:

- Emerald 5.0.49 and prior versions
- RadiusNT and RadiusX 5.1.38 and prior versions
- Radius test client 4.0.20 and prior versions
- Air Marshal 2.0.4 and prior versions 

The following proof-of-concept exploit code is available:

POST / HTTP/1.0
Host: localhost
Content-Length: 2147483647

|受影响的产品

IEA Software RadiusX 5.1.38 IEA Software RadiusNT 5.1.38 IEA Software Radius test client 4.0.20 IEA Software Emerald 5.0.49 IEA Software Air Marshal 2.0.4

|参考资料

来源:BID
名称:27701
链接:http://www.securityfocus.com/bid/27701
来源:BUGTRAQ
名称:20080208NULLbytewritinginEmerald,RadiusNT/XandAirMarshal
链接:http://www.securityfocus.com/archive/1/archive/1/487810/100/200/threaded
来源:www.iea-software.com
链接:http://www.iea-software.com/docs/Radius40/changes.txt
来源:www.iea-software.com
链接:http://www.iea-software.com/docs/Emerald5/changes.txt
来源:www.iea-software.com
链接:http://www.iea-software.com/docs/airmarshal1/changes.txt
来源:VUPEN
名称:ADV-2008-0484
链接:http://www.frsirt.com/english/advisories/2008/0484
来源:SECUNIA
名称:28846
链接:http://secunia.com/advisories/28846
来源:MISC
链接:http://aluigi.altervista.org/adv/emerdal-adv.txt