FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeradius -- remote packet of death vulnerability

Affected packages
freeradius < 1.1.8

Details

VuXML ID 1b3f854b-e4bd-11de-b276-000d8787e1be
Discovery 2009-09-09
Entry 2009-12-14
Modified 2009-12-14

freeRADIUS Vulnerability Notifications reports:

2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.

This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.
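A defensive check for the condition the notification describes, as an added example that is not part of the VuXML entry or of FreeRADIUS: it parses a RADIUS datagram (RFC 2865 layout) and flags any Access-Request that carries Tunnel-Password (attribute type 69, which RFC 2868 defines for Access-Accept only). The function names and the sample packets are constructed for illustration.

```python
import struct

ACCESS_REQUEST = 1      # RFC 2865 packet code
TUNNEL_PASSWORD = 69    # RFC 2868 attribute type
HEADER_LEN = 20         # code, identifier, length, 16-byte authenticator


def parse_attributes(datagram):
    """Return (code, [(type, value), ...]); raise ValueError if malformed."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", datagram[:4])
    if length < HEADER_LEN or length > len(datagram):
        raise ValueError("bad packet length field")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, datagram[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def classify(datagram):
    """'alert' for Access-Request with Tunnel-Password, else 'malformed' or 'ok'."""
    try:
        code, attrs = parse_attributes(datagram)
    except ValueError:
        return "malformed"
    if code == ACCESS_REQUEST and any(t == TUNNEL_PASSWORD for t, _ in attrs):
        return "alert"
    return "ok"


def build(code, attrs):
    """Assemble a constructed test packet with an all-zero authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, HEADER_LEN + len(body)) + bytes(16) + body


# Constructed samples: User-Name is attribute 1; all values are dummy bytes.
SAMPLES = {
    "normal request": build(1, [(1, b"alice")]),
    "request with Tunnel-Password": build(1, [(1, b"alice"), (69, b"\x00dummy")]),
    "accept with Tunnel-Password": build(2, [(69, b"\x00dummy")]),
    "truncated": build(1, [(1, b"alice")])[:-3],
}
```

Running `classify` over datagrams captured on the RADIUS authentication port gives a per-packet verdict that can drive an alert or a drop rule in front of servers still on 1.1.3 through 1.1.7.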

References

CVE Name CVE-2009-3111
URL http://freeradius.org/security.html
URL http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111
URL http://www.milw0rm.com/exploits/9642