Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 09 Sep 2009 19:27:30 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>,
        Alan T DeKok <aland@...eradius.org>
Subject: Re: CVE Request -- FreeRADIUS 1.1.8

Hello Steve,

   short comment yet (to be exact). This flaw was further investigated based
on the flaws list, as mentioned in:

       http://intevydis.com/vd-list.shtml

Relevant FreeRADIUS record:

Freeradius (1)	
Name: 	 FreeRADIUS 1.1.7 DoS
Status: 	 0day
Details: 	 The exploit crashes 'radiusd' daemon.Found with ProtoVer testsuite.
Listener: 	 not necessary
Platform: 	 Linux x86
Vulndisco: 	 7.6

So once you assign a CVE identifier for the FreeRADIUS-1.1.8 DoS, there
is no need to assign another one for the above (to avoid dupes).

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Jan Lieskovsky wrote:
> Hello Steve, vendors,
> 
>   FreeRADIUS upstream has today released 1.1.8 version [1] [2],
> fixing one remote DoS issue in the handling of Tunnel-Password
> attributes. This was already fixed in 0.9.3 [3] version:
> 
>   FreeRADIUS 0.9.3 ; Date: 2003/11/20 20:15:48, urgency=high
>   * Fix a remote DoS and due to mis-handling of tagged attributes,
>     and Tunnel-Password attribute.
> 
> as CVE-2003-0967 [4], but managed to re-appear.
> 
> Upstream patch:
> ---------------
> http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 
> 
> 
> Affected versions:
> ------------------
> Issue confirmed in freeradius-1.1.3 up to freeradius-1.1.7,
> older freeradius-1.1.* version might be also affected.
> 
> Version 2.X is not affected by this issue.
> 
> References:
> -----------
> [1] http://freeradius.org/
> [2] 
> https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html 
> 
> [3] http://freeradius.org/radiusd/doc/ChangeLog
> [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0967
> [5] 
> http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 
> 
> [6] http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-11/0093.html 
> (PoC)
> [7] https://bugzilla.redhat.com/show_bug.cgi?id=521912
> 
> Could you please allocate a new CVE identifier?
> 
> Thanks && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.