FreeRADIUS Tunnel-Password Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running FreeRADIUS and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to crash the service. Impact Level: Application

Solution

Upgrade to version 1.1.8 http://freeradius.org/download.html or Apply patch from below link, http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaws are due to: - An error in the 'rad_decode()' function in 'src/lib/radius.c' which can be exploited via zero-length Tunnel-Password attributes. - An unspecified error that can be exploited to crash the 'radiusd' daemon.

Affected

FreeRADIUS version prior to 1.1.8

References

http://secunia.com/advisories/36509
http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/
http://www.intevydis.com/blog/?p=66
http://www.openwall.com/lists/oss-security/2009/09/09/1

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3111
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
F-PROT AV 'ELF' Header Denial of Service Vulnerability
Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
FreeRADIUS Tunnel-Password Denial Of Service Vulnerability

Take action and discover your vulnerabilities