PT-2010-5008 · Freeradius · Freeradius
Vincent Danen · Published 2010-10-07 · Updated 2010-10-08
CVE-2010-3697
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
FreeRADIUS versions 2.1.x through 2.1.9
Description
The issue arises from the wait_for_child_to_die function in main/event.c, which does not properly handle long queue times for requests under certain circumstances, such as long-term database outages. This allows remote attackers to cause a denial of service by sending many requests, leading to a daemon crash.
Recommendations
For FreeRADIUS versions 2.1.x through 2.1.9, update to version 2.1.10 or later to resolve the issue.
Fix
DoS
Affected Products
Freeradius