5

CVE-2009-3111

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreeradiusFreeradius Version <= 1.1.7
FreeradiusFreeradius Version0.2
FreeradiusFreeradius Version0.3
FreeradiusFreeradius Version0.4
FreeradiusFreeradius Version0.5
FreeradiusFreeradius Version0.8
FreeradiusFreeradius Version0.8.1
FreeradiusFreeradius Version0.9
FreeradiusFreeradius Version0.9.1
FreeradiusFreeradius Version0.9.2
FreeradiusFreeradius Version0.9.3
FreeradiusFreeradius Version1.0.0
FreeradiusFreeradius Version1.0.1
FreeradiusFreeradius Version1.0.2
FreeradiusFreeradius Version1.0.3
FreeradiusFreeradius Version1.0.4
FreeradiusFreeradius Version1.0.5
FreeradiusFreeradius Version1.1.0
FreeradiusFreeradius Version1.1.3
FreeradiusFreeradius Version1.1.5
FreeradiusFreeradius Version1.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.18% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://intevydis.com/vd-list.shtml
http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4
Patch
http://secunia.com/advisories/36509
http://www.openwall.com/lists/oss-security/2009/09/09/1
Patch
http://www.redhat.com/support/errata/RHSA-2009-1451.html
http://www.securityfocus.com/bid/36263
https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919