CVE-2008-5284

Name of the Vulnerable Software and Affected Versions IEA Software RadiusNT versions 5.1.38 through 5.1.43 IEA Software RadiusX versions 5.1.38 through 5.1.43 IEA Software Emerald versions 5.0.49 through 5.0.51 IEA Software Air Marshal versions 2.0.4 through 2.0.7 IEA Software Radius test client (aka Radlogin) versions 4.0.20 and earlier

Description The issue allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value. This triggers a single byte overwrite of memory using a NULL terminator.

Recommendations For IEA Software RadiusNT versions 5.1.38 through 5.1.43, update to version 5.1.44 or later. For IEA Software RadiusX versions 5.1.38 through 5.1.43, update to version 5.1.44 or later. For IEA Software Emerald versions 5.0.49 through 5.0.51, update to version 5.0.52 or later. For IEA Software Air Marshal versions 2.0.4 through 2.0.7, update to version 2.0.8 or later. For IEA Software Radius test client (aka Radlogin) versions 4.0.20 and earlier, update to a version later than 4.0.20.