CVE-2009-3111
Published: 9 September 2009
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
Notes
Author | Note |
---|---|
kees | oss-security: "Version 2.X is not affected by this issue." |
mdeslaur | PoC for CVE-2003-0967: http://marc.info/?l=bugtraq&m=106944220426970 |
Priority
Status
Package | Release | Status |
---|---|---|
freeradius Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(1.1.7-1ubuntu0.2)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Released
(1.1.8)
|
|
Patches: upstream: http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 |