Info

Disclosure

Sep 15, 2004

Discovery

Unknown

Dates

Exploit

Sep 15, 2004

Solution

Unknown

Description

FreeRadius contains a flaw that may allow a remote denial of service. The issue is triggered when the server recieves a packet with a malformed USR VSA which may cause it to call memcpy with a length value of -1. memcpy interprets this as 0xffffffff which causes it to enter an infinite loop, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

FreeRADIUS	FreeRADIUS	0.2
		0.3
		0.4
		0.5
		0.8
		0.8.1
		0.9
		0.9.1
		0.9.2
		0.9.3
		1.0

References

Bugtraq ID: 11222
Related OSVDB ID: 11806
Secunia Advisory ID: 12570 13193
ISS X-Force ID: 17440
CVE ID: 2004-0938 (see also: NVD) 2004-0960 (see also: NVD) 2004-0961 (see also: NVD)
CERT VU: 541574
Vendor Specific Advisory URL: http://security.gentoo.org/glsa/glsa-200409-29.xml
http://www.freeradius.org/security.html
RedHat RHSA: RHSA-2004:609

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/11807