Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Jan 2016 17:22:59 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Mitre CVE assign department <cve-assign@...re.org>
Subject: Re: CVE Request: freeradius: the EAP-PWD module
 performs insufficient validation on packets received from an EAP peer

On Tue, Aug 04, 2015 at 10:41:52AM +0530, Huzaifa Sidhpurwala wrote:
> On 07/31/2015 12:04 PM, Huzaifa Sidhpurwala wrote:
> > The FreeRADIUS project has reported a flaw that affects the EAP-PWD
> > module of the freeradius package versions 3.0 up to 3.0.8. This module
> > is not enabled by default, so administrators must have manually enabled
> > it for their servers to be vulnerable.
> > 
> > Reference:
> > http://freeradius.org/security.html#eap-pwd-2015
> > 
> > Can a CVE id be please assigned to this flaw?
> > 
> > 
> Copying cve-assign this time to see if this gets picked up :)

This seems to have fallen through the cracks?

Cheers,
        Moritz

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ