Red Hat Bugzilla – Bug 111503
freeradius 0.9.0 may allow an attacker to DoS the server.
Last modified: 2007-11-30 17:06:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET
Description of problem:
Hi People, I was researching the freeradius implementation,
particularly the Red Hat RPM which comes with RedHat Enterprise Linux 3;
doing this I saw this on the freeradius main site...
20 November, 2003 Version 0.9.3 has been released. This version
corrects a flaw in 0.9.2 (and all earlier versions of the server)
which may allow an attacker to DoS the server.
The bug does not look to be easily exploitable, as it overwrites the
heap (not the stack), and any exploit code must be in the form of a
valid RADIUS packet.
We strongly recommend that all users of FreeRADIUS upgrade to 0.9.3.
I was wondering if freeradius-0.9.0-2 has this security
problem, maybe yes or not, but it could be...
Version-Release number of selected component (if applicable):
Steps to Reproduce:
More information on www.freeradius.org
*** This bug has been marked as a duplicate of 110901 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.