Red Hat Bugzilla – Bug 115639
Security problem on the packed freeradius
Last modified: 2007-11-30 17:10:36 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET
Description of problem:
Freeradius-0.9.3, This version corrects a flaw in 0.9.2 (and all
earlier versions of the server) which may allow an attacker to DoS
the server. The bug does not look to be easily exploitable, as it
overwrites the heap (not the stack), and any exploit code must be in
the form of a valid RADIUS packet.
As you can see this e really old and public security flaw, RHEL 3
already correct this package but what about Fedora????. This is
security related, and very old...
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Fixed in rpm freeradius-0.9.3-1.1.