Bug 111503 - freeradius 0.9.0 may allow an attacker to DoS the server.
freeradius 0.9.0 may allow an attacker to DoS the server.
Status: CLOSED DUPLICATE of bug 110901
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: freeradius (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
: Security
Depends On:
  Show dependency treegraph
Reported: 2003-12-04 12:47 EST by Need Real Name
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 14:00:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2003-12-04 12:47:24 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET 
CLR 1.1.4322)

Description of problem:
Hi People, I was researching the freeradius implementation, 
particulary de redhat rpm wich comes with RedHat Enterprise Linux 3, 
doing this I saw this on freeradius main site...

20 November, 2003 Version 0.9.3 has been released. This version 
corrects a flaw in 0.9.2 (and all earlier versions of the server) 
which may allow an attacker to DoS the server. 
The bug does not look to be easily exploitable, as it overwrites the 
heap (not the stack), and any exploit code must be in the form of a 
valid RADIUS packet. 
We strongly recommend that all users of FreeRADIUS upgrade to 0.9.3.

I was wondering if the  freeradius-0.9.0-2 have this security 
problem, maybe yes or not, but could be...

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Install freeradius

Additional info:

More information on www.freeradius.org
Comment 1 Mark J. Cox 2003-12-07 16:31:12 EST

*** This bug has been marked as a duplicate of 110901 ***
Comment 2 Red Hat Bugzilla 2006-02-21 14:00:16 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.