oss-sec mailing list archives

CVE request: freeradius

From: Vincent Danen <vdanen () redhat com>
Date: Fri, 1 Oct 2010 10:29:50 -0600

Requesting CVE names for two flaws fix in freeradius 2.1.10:

DoS via certain DHCP requests
[1] https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77
[2] http://secunia.com/advisories/41621
[3] http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279
[4] https://bugzilla.redhat.com/show_bug.cgi?id=639390

crash when processing requests queued for more than 30 seconds
[1] https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35
[2] http://secunia.com/advisories/41621
[3] http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223
[4] https://bugzilla.redhat.com/show_bug.cgi?id=639397


Both issues only affect 2.1.x (1.1.x does not have the affected files or
functions).  It looks as though the first issue only affected 2.1.9; I'm
not yet sure if or how far the second issue may go back.

Could two CVE names be assigned to this issue please?

Thanks!

--

Vincent Danen / Red Hat Security Response Team

Current thread:

CVE request: freeradius Vincent Danen (Oct 01)
- Re: CVE request: freeradius Josh Bressers (Oct 01)