The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freeradius | Freeradius | * | 1.1.7 (including) |
| Freeradius | Freeradius | 0.2 (including) | 0.2 (including) |
| Freeradius | Freeradius | 0.3 (including) | 0.3 (including) |
| Freeradius | Freeradius | 0.4 (including) | 0.4 (including) |
| Freeradius | Freeradius | 0.5 (including) | 0.5 (including) |
| Freeradius | Freeradius | 0.8 (including) | 0.8 (including) |
| Freeradius | Freeradius | 0.8.1 (including) | 0.8.1 (including) |
| Freeradius | Freeradius | 0.9 (including) | 0.9 (including) |
| Freeradius | Freeradius | 0.9.1 (including) | 0.9.1 (including) |
| Freeradius | Freeradius | 0.9.2 (including) | 0.9.2 (including) |
| Freeradius | Freeradius | 0.9.3 (including) | 0.9.3 (including) |
| Freeradius | Freeradius | 1.0.0 (including) | 1.0.0 (including) |
| Freeradius | Freeradius | 1.0.1 (including) | 1.0.1 (including) |
| Freeradius | Freeradius | 1.0.2 (including) | 1.0.2 (including) |
| Freeradius | Freeradius | 1.0.3 (including) | 1.0.3 (including) |
| Freeradius | Freeradius | 1.0.4 (including) | 1.0.4 (including) |
| Freeradius | Freeradius | 1.0.5 (including) | 1.0.5 (including) |
| Freeradius | Freeradius | 1.1.0 (including) | 1.1.0 (including) |
| Freeradius | Freeradius | 1.1.3 (including) | 1.1.3 (including) |
| Freeradius | Freeradius | 1.1.5 (including) | 1.1.5 (including) |
| Freeradius | Freeradius | 1.1.6 (including) | 1.1.6 (including) |
| Red Hat Enterprise Linux 5 | RedHat | freeradius-0:1.1.3-1.5.el5_4 | * |
| Freeradius | Ubuntu | dapper | * |
| Freeradius | Ubuntu | hardy | * |
| Freeradius | Ubuntu | upstream | * |