Description
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/31128
References (8)
Core 8
Core References
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/emerdal-adv.txt
Various Sources x_refsource_confirm
http://www.iea-software.com/docs/Radius40/changes.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27701
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28846
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0484
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487810/100/200/threaded
Various Sources x_refsource_confirm
http://www.iea-software.com/docs/airmarshal1/changes.txt
Various Sources x_refsource_confirm
http://www.iea-software.com/docs/Emerald5/changes.txt
Scores
EPSS
0.1141
EPSS Percentile
93.6%
Details
CWE
CWE-189
Status
published
Products (50)
iea_software/air_marshal
1.0.3
iea_software/air_marshal
1.0.4
iea_software/air_marshal
1.0.5
iea_software/air_marshal
1.0.6
iea_software/air_marshal
1.0.7
iea_software/air_marshal
1.0.8
iea_software/air_marshal
1.0.9
iea_software/air_marshal
1.0.10
iea_software/air_marshal
1.0.11
iea_software/air_marshal
1.0.15
... and 40 more
Published
Nov 29, 2008
Tracked Since
Feb 18, 2026