115639 – Security problem on the packed freeradius

Bug 115639 - Security problem on the packed freeradius

Summary: Security problem on the packed freeradius

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	freeradius
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:
Docs Contact:
URL:	http://www.freeradius.org
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-02-14 01:56 UTC by Need Real Name
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-02-17 08:50:06 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Need Real Name 2004-02-14 01:56:35 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET 
CLR 1.1.4322)

Description of problem:
Freeradius-0.9.3, This version corrects a flaw in 0.9.2 (and all 
earlier versions of the server) which may allow an attacker to DoS 
the server. The bug does not look to be easily exploitable, as it 
overwrites the heap (not the stack), and any exploit code must be in 
the form of a valid RADIUS packet. 

As you can see this e really old and public security flaw, RHEL 3 
already correct this package but what about Fedora????. This is 
security related, and very old...


Version-Release number of selected component (if applicable):
freeradius-0.9.1-1

How reproducible:
Always

Steps to Reproduce:
1.Install Fedora
2.
3.
    

Additional info:

Comment 1 Thomas Woerner 2004-02-17 08:50:06 UTC

Fixed in rpm freeradius-0.9.3-1.1.

Note You need to log in before you can comment on or make changes to this bug.