CVE Vulnerabilities

CVE-2009-3111

Published: Sep 09, 2009 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
5 MODERATE
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.

Affected Software

Name Vendor Start Version End Version
Freeradius Freeradius * 1.1.7 (including)
Freeradius Freeradius 0.2 (including) 0.2 (including)
Freeradius Freeradius 0.3 (including) 0.3 (including)
Freeradius Freeradius 0.4 (including) 0.4 (including)
Freeradius Freeradius 0.5 (including) 0.5 (including)
Freeradius Freeradius 0.8 (including) 0.8 (including)
Freeradius Freeradius 0.8.1 (including) 0.8.1 (including)
Freeradius Freeradius 0.9 (including) 0.9 (including)
Freeradius Freeradius 0.9.1 (including) 0.9.1 (including)
Freeradius Freeradius 0.9.2 (including) 0.9.2 (including)
Freeradius Freeradius 0.9.3 (including) 0.9.3 (including)
Freeradius Freeradius 1.0.0 (including) 1.0.0 (including)
Freeradius Freeradius 1.0.1 (including) 1.0.1 (including)
Freeradius Freeradius 1.0.2 (including) 1.0.2 (including)
Freeradius Freeradius 1.0.3 (including) 1.0.3 (including)
Freeradius Freeradius 1.0.4 (including) 1.0.4 (including)
Freeradius Freeradius 1.0.5 (including) 1.0.5 (including)
Freeradius Freeradius 1.1.0 (including) 1.1.0 (including)
Freeradius Freeradius 1.1.3 (including) 1.1.3 (including)
Freeradius Freeradius 1.1.5 (including) 1.1.5 (including)
Freeradius Freeradius 1.1.6 (including) 1.1.6 (including)
Red Hat Enterprise Linux 5 RedHat freeradius-0:1.1.3-1.5.el5_4 *
Freeradius Ubuntu dapper *
Freeradius Ubuntu hardy *
Freeradius Ubuntu upstream *

References