NVD Vulnerability Detail

CVE-2013-0342

Summary	The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.
Publication Date	Dec. 10, 2019, 6:15 a.m.
Registration Date	Jan. 26, 2021, 3:33 p.m.
Last Update	Nov. 21, 2024, 10:47 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:pyrad_project:pyrad::::::::					2.1

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2013/02/15/9	Mailing List Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2013/02/15/9	Mailing List Third Party Advisory
3	http://www.openwall.com/lists/oss-security/2013/02/21/27	Mailing List Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2013/02/21/27	Mailing List Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2013/02/22/2	Mailing List Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2013/02/22/2	Mailing List Third Party Advisory
7	http://www.securityfocus.com/bid/57984	Third Party Advisory VDB Entry
8	http://www.securityfocus.com/bid/57984	Third Party Advisory VDB Entry
9	https://bugzilla.redhat.com/show_bug.cgi?id=911685	Issue Tracking Patch Third Party Advisory
10	https://bugzilla.redhat.com/show_bug.cgi?id=911685	Issue Tracking Patch Third Party Advisory
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/82134	Third Party Advisory VDB Entry
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/82134	Third Party Advisory VDB Entry
13	https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5	Third Party Advisory
14	https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

pyrad における入力確認に関する脆弱性

Title	pyrad における入力確認に関する脆弱性
Summary	pyrad には、入力確認に関する脆弱性が存在します。本脆弱性は、CVE-2013-0294 とは異なる脆弱性です。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 15, 2013, midnight
Registration Date	Dec. 12, 2019, 5:50 p.m.
Last Update	Dec. 12, 2019, 5:50 p.m.

Affected System

pyrad project

pyrad 2.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-0342	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0342
National Vulnerability Database (NVD)
2	CVE-2013-0342	https://nvd.nist.gov/vuln/detail/CVE-2013-0342

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
GitHub
1	Use a better random generator.	https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5

その他

No	Name	URL
関連文書
1	Bug 911685 (CVE-2013-0342) - CVE-2013-0342 python-pyrad: CreateID() creates serialized packet IDs for RADIUS	https://bugzilla.redhat.com/show_bug.cgi?id=911685

Change Log

No	Changed Details	Date of change
1	[2019年12月12日] 掲載	Dec. 12, 2019, 5:50 p.m.