PT-2010-5008 · Freeradius · Freeradius
Vincent Danen
·
Publicado
2010-10-07
·
Atualizado
2010-10-08
·
CVE-2010-3697
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
FreeRADIUS versions 2.1.x through 2.1.9
Description
The issue arises from the
wait for child to die function in main/event.c, which does not properly handle long queue times for requests under certain circumstances, such as long-term database outages. This allows remote attackers to cause a denial of service by sending many requests, leading to a daemon crash.Recommendations
For FreeRADIUS versions 2.1.x through 2.1.9, update to version 2.1.10 or later to resolve the issue.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Freeradius