Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability

  1. 3 weeks ago
    Edited 3 weeks ago by Men in Black

    h14.png

    Scapy is prone to a remote denial-of-service vulnerability.

    Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

    Information

    Bugtraq ID: 106674
    Class: Failure to Handle Exceptional Conditions
    CVE: CVE-2019-1010142

    Remote: Yes
    Local: No
    Published: Jan 08 2019 12:00AM
    Updated: Jul 23 2019 08:00AM
    Credit: Johnathan Azaria and Koby Kilimnik.
    Vulnerable: Scapy Scapy 2.4
    python scapy-http 1.8
    python pysap 0.1.8
    python pyersinia 1.0.5
    python ooniprobe 1.3.2
    python mim 0.2.43
    python jldcmds 0.3
    python IcmpTool 0.1.8

    Not Vulnerable:

    Exploit

    The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

    References:

    Remove useless _RADIUSAttrPacketListField class (Scapy)
    Scapy Home Page (Scapy)
    Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attac (Imperva)

    Source: www.securityfocus.com

 

or Sign Up to reply!