LSS has reported a vulnerability in the mod_auth_radius module for Apache, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the handling of certain "RADIUS_ACCESS_CHALLENGE" RADIUS packets. This may be exploited via a man-in-the-middle attack to cause the mod_auth_radius service to crash.
The vulnerability has been reported in version 1.5.7 and prior.
SOFTWARE:
mod_auth_radius 1.x (module for Apache)
SOLUTION:
Only connect to trusted RADIUS servers and over trusted connections.
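The advisory does not describe the exact flaw, so the following is an added illustration (not code from the advisory or from mod_auth_radius) of the RFC 2865 structural checks a RADIUS client can apply to an Access-Challenge reply before it reads any attribute. The function name, return codes and sample packets are constructed for this example, and verification of the Response Authenticator against the shared secret is assumed to happen separately.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN 20            /* code(1) id(1) length(2) authenticator(16) */
#define RADIUS_MAX_LEN 4096          /* RFC 2865 maximum packet length */
#define RADIUS_ACCESS_CHALLENGE 11   /* RFC 2865 packet code */
#define AUTH16 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0  /* placeholder authenticator */

enum rad_check { RAD_OK = 0, RAD_SHORT, RAD_BAD_LENGTH, RAD_BAD_CODE, RAD_BAD_ID, RAD_BAD_ATTR };

/* Validate `got` bytes read from the socket; expected_id is the Identifier
 * of the Access-Request this reply is supposed to answer. */
enum rad_check radius_check_challenge(const uint8_t *pkt, size_t got, uint8_t expected_id)
{
    size_t len, off, alen;

    if (pkt == NULL || got < RADIUS_HDR_LEN) return RAD_SHORT;
    len = ((size_t)pkt[2] << 8) | pkt[3];           /* length field, network order */
    if (len < RADIUS_HDR_LEN || len > RADIUS_MAX_LEN || len > got) return RAD_BAD_LENGTH;
    if (pkt[0] != RADIUS_ACCESS_CHALLENGE) return RAD_BAD_CODE;
    if (pkt[1] != expected_id) return RAD_BAD_ID;

    /* Walk the attributes using only the declared packet length. */
    for (off = RADIUS_HDR_LEN; off < len; off += alen) {
        if (len - off < 2) return RAD_BAD_ATTR;     /* no room for type + length */
        alen = pkt[off + 1];
        /* alen counts the 2-byte attribute header, so the value is alen - 2
         * bytes: reject alen < 2 before anyone does that subtraction. */
        if (alen < 2 || alen > len - off) return RAD_BAD_ATTR;
    }
    return RAD_OK;
}

/* Constructed samples: id 7, length 24, one State attribute (type 24). */
static const uint8_t sample_ok[]         = { 11, 7, 0, 24, AUTH16, 24, 4,   0xAA, 0xBB };
static const uint8_t sample_short_attr[] = { 11, 7, 0, 24, AUTH16, 24, 1,   0xAA, 0xBB };
static const uint8_t sample_overrun[]    = { 11, 7, 0, 24, AUTH16, 24, 200, 0xAA, 0xBB };

int main(void)
{
    printf("ok=%d short_attr=%d overrun=%d\n",
           radius_check_challenge(sample_ok, sizeof sample_ok, 7),
           radius_check_challenge(sample_short_attr, sizeof sample_short_attr, 7),
           radius_check_challenge(sample_overrun, sizeof sample_overrun, 7));
    return 0;
}
```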
PROVIDED AND/OR DISCOVERED BY:
LSS
ORIGINAL ADVISORY:
http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02
VERIFY ADVISORY:
http://secunia.com/advisories/13773/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050119102544775