CVE-2004-0849 in Radius
Summary
by MITRE
Integer overflow in the asn_decode_string() function defined in asn1.c in radiusd for GNU Radius 1.1 and 1.2 before 1.2.94, when compiled with the --enable-snmp option, allows remote attackers to cause a denial of service (daemon crash) via certain SNMP requests.
Analysis
by VulDB Data Team • 05/25/2019
CVE-2004-0849 is an integer overflow in the GNU Radius server affecting versions 1.1 and 1.2 before 1.2.94. The flaw is in the asn_decode_string() function in asn1.c, part of the radiusd daemon that serves RADIUS authentication and accounting for network access devices. It is only present when radiusd is built with the --enable-snmp option, which compiles SNMP handling into the daemon; builds without SNMP support do not contain the affected code path. The impact is a denial of service (daemon crash); there is no indication on the page or in the MITRE summary of code execution.
Technically, the bug is insufficient validation of attacker-controlled lengths during ASN.1 (BER) decoding of incoming SNMP requests. asn_decode_string() reads the length of an OCTET STRING from the packet; arithmetic on that value can overflow, so a length that should have been rejected passes the bounds check and is then used to access memory beyond the packet buffer, and radiusd crashes. The overflow is reached while the packet is being parsed, before any meaningful processing of the request: the SNMP community string is itself an OCTET STRING decoded by this same routine, so a malformed length there is hit before any community check could apply. An attacker therefore needs only network reach to the radiusd SNMP listener (UDP port 161 by default); no RADIUS shared secret or user credentials are involved, and since SNMP runs over UDP the source address can be spoofed.
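The following C program is an added illustration of this bug class, not code from GNU Radius's asn1.c, and the function names, sample packets and constants are constructed for the demonstration. It implements a minimal BER OCTET STRING decoder twice: once with the vulnerable pattern, where the decoded length is accumulated into a signed int and bounds-checked with a signed comparison, so a crafted long-form length wraps negative, passes the "len > remaining" check and would reach memcpy() as an enormous size_t; and once hardened, with the length kept in size_t, every shift checked for overflow, and the body bounded by both the remaining input and the destination buffer.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative BER OCTET STRING decoder, not GNU Radius's asn1.c.
 * Element layout: tag 0x04, BER length (short form < 0x80, or 0x80|n
 * followed by n big-endian length bytes), then the string body. */
#define ASN_OCTET_STRING 0x04

/* Vulnerable pattern: the length is accumulated into a C int and bounds-
 * checked with a signed comparison.  A 4-byte length of 0x80000000 becomes
 * INT_MIN, "len > remaining" is false, and real code would then call
 * memcpy(out, p, len), i.e. with (size_t)INT_MIN, reading far past the
 * packet buffer and crashing the daemon.  To keep the demonstration
 * harmless this version returns the length it would hand to memcpy()
 * (negative when it wrapped) instead of copying; -1 means its own checks
 * rejected the packet. */
long decode_octet_string_unsafe(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen;
    int len;

    if (end - p < 2 || *p++ != ASN_OCTET_STRING)
        return -1;
    len = *p++;
    if (len & 0x80) {
        int n = len & 0x7f;
        unsigned long acc = 0;
        if (n > end - p)
            return -1;
        while (n-- > 0)
            acc = (acc << 8) | *p++;
        len = (int)acc;                 /* BUG: truncates, may wrap negative */
    }
    if (len > end - p)                  /* BUG: signed compare passes for len < 0 */
        return -1;
    return len;                         /* real code: memcpy(out, p, len) */
}

/* Hardened version: the length lives in size_t, every shift is checked
 * for overflow, indefinite length (0x80) and oversized length-of-length
 * are rejected, and the body must fit both the remaining input and the
 * destination before anything is copied.  Returns bytes copied or -1. */
long decode_octet_string_safe(const unsigned char *buf, size_t buflen,
                              unsigned char *out, size_t outcap)
{
    const unsigned char *p = buf, *end = buf + buflen;
    size_t len;

    if (buflen < 2 || *p++ != ASN_OCTET_STRING)
        return -1;
    len = *p++;
    if (len & 0x80) {
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > (size_t)(end - p))
            return -1;
        len = 0;
        while (n-- > 0) {
            if (len > (SIZE_MAX >> 8))
                return -1;              /* next shift would overflow */
            len = (len << 8) | *p++;
        }
    }
    if (len > (size_t)(end - p) || len > outcap)
        return -1;                      /* truncated body or destination too small */
    memcpy(out, p, len);
    return (long)len;
}

/* Constructed sample elements (not captured traffic). */
static const unsigned char benign_pkt[]  = { 0x04, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char crafted_pkt[] = { 0x04, 0x84, 0x80, 0x00, 0x00, 0x00, 'A', 'B' };
static const unsigned char short_pkt[]   = { 0x04, 0x05, 'h', 'i' };
static unsigned char scratch[16];

int main(void)
{
    printf("benign : unsafe=%ld safe=%ld\n",
           decode_octet_string_unsafe(benign_pkt, sizeof benign_pkt),
           decode_octet_string_safe(benign_pkt, sizeof benign_pkt, scratch, sizeof scratch));
    printf("crafted: unsafe=%ld safe=%ld\n",
           decode_octet_string_unsafe(crafted_pkt, sizeof crafted_pkt),
           decode_octet_string_safe(crafted_pkt, sizeof crafted_pkt, scratch, sizeof scratch));
    printf("short  : unsafe=%ld safe=%ld\n",
           decode_octet_string_unsafe(short_pkt, sizeof short_pkt),
           decode_octet_string_safe(short_pkt, sizeof short_pkt, scratch, sizeof scratch));
    return 0;
}
```

The crafted element declares a 4-byte length of 0x80000000 followed by only two body bytes. The vulnerable decoder accepts it and reports INT_MIN as the length it would copy, which is exactly the value that, cast to size_t in a memcpy(), walks off the end of the receive buffer; the hardened decoder rejects it because the declared length exceeds the bytes actually present. Note that the hardened version rejects on the remaining-input check alone; the overflow guard on the shift matters for length-of-length values up to sizeof(size_t), where a wrapped size_t could otherwise look small again.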
Operationally, the impact is loss of the authentication service. While radiusd is down, every NAS (VPN concentrator, wireless controller, switch port doing 802.1X) that points at it cannot authenticate new sessions, so the blast radius scales with the number of access devices depending on that server. Because the attacker can resend the packet as often as needed, a supervisor that restarts the daemon only converts a single crash into a sustained outage. For most RADIUS clients the failure mode is closed: new sessions are rejected rather than admitted, so the realistic consequence is denial of network access, not a path to unauthorized access, although deployments with a permissive fallback when no RADIUS server answers should check that behaviour. The attack requires no prior access to the system.
The weakness is CWE-190 (Integer Overflow or Wraparound), here in the handling of a packet-supplied length during protocol parsing. In ATT&CK terms it maps to T1499.004 (Endpoint Denial of Service: Application or System Exploitation), since a crafted request crashes the service rather than exhausting bandwidth, and T1595.001 (Active Scanning: Scanning IP Blocks) describes how an attacker would locate exposed SNMP listeners in the first place. Mitigations, in order of preference: upgrade to GNU Radius 1.2.94 or later; if SNMP statistics from radiusd are not needed, rebuild without --enable-snmp so the affected code is not present at all; otherwise restrict UDP port 161 on the RADIUS host to the management stations that legitimately poll it, bearing in mind that source-address filtering of UDP is only as good as the network's anti-spoofing. For detection, alert on radiusd crashes and restarts in the system logs, and have the IDS flag SNMP traffic to the RADIUS server from sources other than the known pollers, as well as BER elements whose declared length exceeds the datagram size.