Bug 115639
| Summary: | Security problem on the packed freeradius | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Need Real Name <alietss> |
| Component: | freeradius | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.freeradius.org | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-02-17 08:50:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in rpm freeradius-0.9.3-1.1. |
From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322) Description of problem: Freeradius-0.9.3, This version corrects a flaw in 0.9.2 (and all earlier versions of the server) which may allow an attacker to DoS the server. The bug does not look to be easily exploitable, as it overwrites the heap (not the stack), and any exploit code must be in the form of a valid RADIUS packet. As you can see this e really old and public security flaw, RHEL 3 already correct this package but what about Fedora????. This is security related, and very old... Version-Release number of selected component (if applicable): freeradius-0.9.1-1 How reproducible: Always Steps to Reproduce: 1.Install Fedora 2. 3. Additional info: