Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 111503

Summary: freeradius 0.9.0 may allow an attacker to DoS the server.
Product: Red Hat Enterprise Linux 3 Reporter: Need Real Name <alietss>
Component: freeradiusAssignee: Thomas Woerner <twoerner>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:00:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2003-12-04 17:47:24 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET 
CLR 1.1.4322)

Description of problem:
Hi People, I was researching the freeradius implementation, 
particulary de redhat rpm wich comes with RedHat Enterprise Linux 3, 
doing this I saw this on freeradius main site...

20 November, 2003 Version 0.9.3 has been released. This version 
corrects a flaw in 0.9.2 (and all earlier versions of the server) 
which may allow an attacker to DoS the server. 
The bug does not look to be easily exploitable, as it overwrites the 
heap (not the stack), and any exploit code must be in the form of a 
valid RADIUS packet. 
We strongly recommend that all users of FreeRADIUS upgrade to 0.9.3.

I was wondering if the  freeradius-0.9.0-2 have this security 
problem, maybe yes or not, but could be...



Version-Release number of selected component (if applicable):
freeradius-0.9.0-2

How reproducible:
Always

Steps to Reproduce:
1.Install freeradius
2.
3.
    

Additional info:

More information on www.freeradius.org
Comment 1 Mark J. Cox 2003-12-07 21:31:12 UTC 

*** This bug has been marked as a duplicate of 110901 ***
Comment 2 Red Hat Bugzilla 2006-02-21 19:00:16 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.