Date: Fri, 31 Jul 2015 12:04:05 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer The FreeRADIUS project has reported a flaw that affects the EAP-PWD module of the freeradius package versions 3.0 up to 3.0.8. This module is not enabled by default, so administrators must have manually enabled it for their servers to be vulnerable. Reference: http://freeradius.org/security.html#eap-pwd-2015 Can a CVE id be please assigned to this flaw? -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ