oss-sec mailing list archives

CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Fri, 31 Jul 2015 12:04:05 +0530

The FreeRADIUS project has reported a flaw that affects the EAP-PWD
module of the freeradius package versions 3.0 up to 3.0.8. This module
is not enabled by default, so administrators must have manually enabled
it for their servers to be vulnerable.

Reference:
http://freeradius.org/security.html#eap-pwd-2015

Can a CVE ID please be assigned to this flaw?


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team

