oss-sec mailing list archives
Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 4 Aug 2015 10:41:52 +0530
On 07/31/2015 12:04 PM, Huzaifa Sidhpurwala wrote:
The FreeRADIUS project has reported a flaw that affects the EAP-PWD module of the freeradius package versions 3.0 up to 3.0.8. This module is not enabled by default, so administrators must have manually enabled it for their servers to be vulnerable. Reference: http://freeradius.org/security.html#eap-pwd-2015 Can a CVE id be please assigned to this flaw?
Copying cve-assign this time to see if this gets picked up :) -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Current thread:
- CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Huzaifa Sidhpurwala (Jul 30)
- Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer Huzaifa Sidhpurwala (Aug 03)