CVE-2013-0342 Information
Feb 14, 2021
cve
Description
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs which makes it easier for remote attackers to spoof packets by predicting the next ID a different vulnerability than CVE-2013-0294.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Reference
http://www.openwall.com/lists/oss-security/2013/02/15/9 http://www.openwall.com/lists/oss-security/2013/02/21/27 http://www.openwall.com/lists/oss-security/2013/02/22/2 http://www.securityfocus.com/bid/57984 https://bugzilla.redhat.com/show_bug.cgi?id=911685 https://exchange.xforce.ibmcloud.com/vulnerabilities/82134 https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
4.3
Share on: