Remote exploitation of a denial of service condition within GNU Radius
allows attackers to crash the service.
The problem specifically exists in the code for handling SNMP messages.
By supplying a malformed packet containing an invalid OID, such as -1,
it is possible to cause the server to shut down, preventing further
requests from being handled. The Radius server must have been compiled
with the '-enable-snmp' option in order to be vulnerable.
GNU Radius 1.1
Denial of Services
This issue has been fixed in GNU Radius version 1.2.