oss-sec mailing list archives
Re: CVE Request -- FreeRADIUS 1.1.8
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 9 Sep 2009 13:40:09 -0400 (EDT)
On Wed, 9 Sep 2009, Jan Lieskovsky wrote:
short comment yet (to be exact). This flaw was further investigated based on the flaws list, as mentioned in: http://intevydis.com/vd-list.shtml
How do you know that the crash you found is the one that's in VulnDisco? Maybe there are two distinct crashes. (These types of vague disclosures can be a real duplicate headache for us in CVE... but neither do we want to say that a commercial 0day has been fixed when it hasn't). CVE-2009-3111 below is anchored exclusively on the FreeRADIUS patch for the CVE-2003-0967 regression. If there's high confidence that this is the same as the intevydis.com disclosure, then I'll integrate it into the description/references. - Steve ====================================================== Name: CVE-2009-3111 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111 Reference: MLIST:[freeradius-users] 20090909 Version 1.1.8 has been released Reference: URL:https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html Reference: MLIST:[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8 Reference: URL:http://www.openwall.com/lists/oss-security/2009/09/09/1 Reference: CONFIRM:http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967.
Current thread:
- CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Steven M. Christey (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)