This causes the loop to continue forever, resulting in a Denial of Service (DoS) to Scapy, causing Scapy to crash. When Scapy parses a UDP Radius packet that has an AVP with a length byte equal to zero, the getfield function doesn’t shorten the remain value in the while loop. This can cause an infinite loop in the following code section if a certain byte is set to zero: The vulnerability is due to a lack of input validation when reading the length field in the RADIUS packet’s Attribute Value Pairs (AVP). In this case, the vulnerability occurs when Scapy is tricked into thinking a network packet is a RADIUS packet. Because the algorithm relies on port numbers, the packet type can be easily spoofed. Written in the very popular Python coding language, Scapy uses a heuristic algorithm to determine the type of network packet it is inspecting. Ironically, we found this vulnerability while researching ways to better detect and fight DDoS attacks. We recently discovered that the latest version of Scapy, a powerful packet manipulation tool used by cybersecurity researchers and network engineers, is susceptible to a Denial of Service (DoS) vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |