oss-sec mailing list archives
Re: CVE Request -- FreeRADIUS 1.1.8
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 09 Sep 2009 19:27:30 +0200
Hello Steve, short comment yet (to be exact). This flaw was further investigated based on the flaws list, as mentioned in: http://intevydis.com/vd-list.shtml Relevant FreeRADIUS record: Freeradius (1) Name: FreeRADIUS 1.1.7 DoS Status: 0day Details: The exploit crashes 'radiusd' daemon.Found with ProtoVer testsuite. Listener: not necessary Platform: Linux x86 Vulndisco: 7.6 So once you assign a CVE identifier for the FreeRADIUS-1.1.8 DoS, there is no need to assign another one for the above (to avoid dupes). Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team Jan Lieskovsky wrote:
Hello Steve, vendors, FreeRADIUS upstream has today released 1.1.8 version [1] [2], fixing one remote DoS issue in the handling of Tunnel-Password attributes. This was already fixed in 0.9.3 [3] version: FreeRADIUS 0.9.3 ; Date: 2003/11/20 20:15:48, urgency=high * Fix a remote DoS and due to mis-handling of tagged attributes, and Tunnel-Password attribute. as CVE-2003-0967 [4], but managed to re-appear. Upstream patch: ---------------http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4Affected versions: ------------------ Issue confirmed in freeradius-1.1.3 up to freeradius-1.1.7, older freeradius-1.1.* version might be also affected. Version 2.X is not affected by this issue. References: ----------- [1] http://freeradius.org/[2] https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html[3] http://freeradius.org/radiusd/doc/ChangeLog [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0967[5] http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 [6] http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-11/0093.html (PoC)[7] https://bugzilla.redhat.com/show_bug.cgi?id=521912 Could you please allocate a new CVE identifier? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Steven M. Christey (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)