GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Wed Sep 22, 2004 10:51 am Post subject: [ GLSA 200409-29 ] FreeRADIUS: Multiple Denial of Service vu |
|
|
Gentoo Linux Security Advisory
Title: FreeRADIUS: Multiple Denial of Service vulnerabilities (GLSA 200409-29)
Severity: normal
Exploitable: remote
Date: September 22, 2004
Updated: May 22, 2006
Bug(s): #60587
ID: 200409-29
Synopsis
Multiple Denial of Service vulnerabilities were found and fixed in
FreeRADIUS.
Background
FreeRADIUS is an open source RADIUS authentication server
implementation.
Affected Packages
Package: net-dialup/freeradius
Vulnerable: < 1.0.1
Unaffected: >= 1.0.1
Architectures: All supported architectures
Description
There are undisclosed defects in the way FreeRADIUS handles incorrect
received packets.
Impact
A remote attacker could send specially-crafted packets to the
FreeRADIUS server to deny service to other users by crashing the
server.
Workaround
There is no known workaround at this time.
Resolution
All FreeRADIUS users should upgrade to the latest version:
Code: | # emerge sync
# emerge -pv ">=net-dialup/freeradius-1.0.1"
# emerge ">=net-dialup/freeradius-1.0.1" |
References
FreeRADIUS Vulnerability Notifications
CVE-2004-0938
CVE-2004-0960
CVE-2004-0961
Last edited by GLSA on Fri Dec 09, 2011 4:17 am; edited 4 times in total |
|