oss-sec mailing list archives

Re: CVE Request -- FreeRADIUS 1.1.8

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 09 Sep 2009 19:27:30 +0200

Hello Steve,

  short comment yet (to be exact). This flaw was further investigated based
on the flaws list, as mentioned in:

      http://intevydis.com/vd-list.shtml

Relevant FreeRADIUS record:

Freeradius (1)  
Name:    FreeRADIUS 1.1.7 DoS
Status:          0day
Details:         The exploit crashes 'radiusd' daemon.Found with ProtoVer testsuite.
Listener:        not necessary
Platform:        Linux x86
Vulndisco:       7.6

So once you assign a CVE identifier for the FreeRADIUS-1.1.8 DoS, there
is no need to assign another one for the above (to avoid dupes).

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Jan Lieskovsky wrote:

Hello Steve, vendors,

  FreeRADIUS upstream has today released 1.1.8 version [1] [2],
fixing one remote DoS issue in the handling of Tunnel-Password
attributes. This was already fixed in 0.9.3 [3] version:

  FreeRADIUS 0.9.3 ; Date: 2003/11/20 20:15:48, urgency=high
  * Fix a remote DoS and due to mis-handling of tagged attributes,
    and Tunnel-Password attribute.

as CVE-2003-0967 [4], but managed to re-appear.

Upstream patch:
---------------

http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4


Affected versions:
------------------
Issue confirmed in freeradius-1.1.3 up to freeradius-1.1.7,
older freeradius-1.1.* version might be also affected.

Version 2.X is not affected by this issue.

References:
-----------
[1] http://freeradius.org/

[2]https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html

[3] http://freeradius.org/radiusd/doc/ChangeLog
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0967

[5]http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4[6] http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-11/0093.html(PoC)

[7] https://bugzilla.redhat.com/show_bug.cgi?id=521912

Could you please allocate a new CVE identifier?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)
- Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky (Sep 09)
  - Re: CVE Request -- FreeRADIUS 1.1.8 Steven M. Christey (Sep 09)