PT-2009-5438 · Freeradius+1 · Freeradius+1

Jan Lieskovsky

·

Publicado

2009-09-09

·

Atualizado

2017-09-19

·

CVE-2009-3111

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: FreeRADIUS versions prior to 1.1.8
Description: The issue allows remote attackers to cause a denial of service, resulting in the crash of the radiusd service, by exploiting the rad decode function with zero-length Tunnel-Password attributes.
Recommendations: For versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the rad decode function to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2009-3111
RHSA-2009:1451
RHSA-2009_1451

Produtos afetados

Freeradius
Red Hat