oss-sec mailing list archives

Re: CVE request: freeradius

From: Josh Bressers <bressers () redhat com>
Date: Fri, 1 Oct 2010 16:14:52 -0400 (EDT)


----- "Vincent Danen" <vdanen () redhat com> wrote:

Requesting CVE names for two flaws fix in freeradius 2.1.10:

DoS via certain DHCP requests
[1] https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77
[2] http://secunia.com/advisories/41621
[3] http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279
[4] https://bugzilla.redhat.com/show_bug.cgi?id=639390


Use CVE-2010-3696


crash when processing requests queued for more than 30 seconds
[1] https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35
[2] http://secunia.com/advisories/41621
[3] http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223
[4] https://bugzilla.redhat.com/show_bug.cgi?id=639397


Both issues only affect 2.1.x (1.1.x does not have the affected files or
functions).  It looks as though the first issue only affected 2.1.9; I'm
not yet sure if or how far the second issue may go back.


Use CVE-2010-3697

Thanks.

-- 
    JB

Current thread:

CVE request: freeradius Vincent Danen (Oct 01)
- Re: CVE request: freeradius Josh Bressers (Oct 01)