{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"XTRADIUS 1.1-pre1 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"GnuRADIUS versions 0.95 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"RADIUS (formerly Lucent RADIUS) versions 2.1 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"RADIUSClient versions 0.3.1 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"FreeRADIUS versions 0.3 and earlier;","product":{"name":"FreeRADIUS","vendor":{"name":"FreeRadius","scada":false}}},{"description":"ICRADIUS versions 0.18.1 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Ascend RADIUS versions 1.16 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"YARD RADIUS 1.0.19 and earlier.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Cistron RADIUS versions 1.6.5 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Livingston RADIUS versions 2.1 and earlier;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nThe RADIUS protocol is used for the identification and\nauthentication of remote clients. This protocol is described in\nRFC 2138. Two vulnerabilities have been identified in\nthe implementation of certain RADIUS servers:\n\n-   A malicious individual can remotely trigger a memory\n    overflow and execute arbitrary code. This vulnerability is\n    exploitable only if the attacker knows the secret key shared between\n    the client and the server.\n-   Sending malformed packets to the server can cause\n    a denial of service.\n\n## Solution\n\nRefer to CERT/CC advisory CA-2002-06 (see Documentation) for\nthe list of affected systems and the available patches.\n","cves":[],"links":[{"title":"CERT/CC security advisory CA-2002-06 \"Vulnerabilities in Various Implementations of the RADIUS Protocol\":","url":"http://www.cert.org/advisories/CA-2002-06.html"}],"reference":"CERTA-2002-AVI-048","revisions":[{"description":"Initial version.","revision_date":"2002-03-05T00:00:00.000000"}],"risks":[{"description":"Arbitrary code execution"},{"description":"Denial of service"}],"summary":"RADIUS (Remote Authentication Dial In User Service) is a protocol\nused for the identification and authentication of remote clients.\nVulnerabilities have been discovered in certain implementations of\nthis protocol.\n","title":"Multiple vulnerable implementations of the RADIUS protocol","vendor_advisories":[{"published_at":null,"title":"CERT/CC advisory CA-2002-06","url":null}]}
