Bug#: 60587
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Chet McNeill <chet@somedec.com>

Attachments:
Filename | Description | Type | Creator | Created | Size
freeradius-1.0.0.ebuild | freeradius 1.0.0 ebuild | text/plain | Chet McNeill | 2004-08-16 13:39 0000 | 2.74 KB
freeradius-1.0.0-exec-args.patch | Patch to freeradius 1.0.0 | patch | Chet McNeill | 2004-08-16 13:40 0000 | 1.12 KB
freeradius-1.0.1.ebuild | freeradius-1.0.1.ebuild | text/plain | Alin Năstac | 2004-09-19 16:17 0000 | 2.64 KB



Description:   Opened: 2004-08-16 13:38 0000
This is an update to freeradius 1.0.0. Added a new patch that fixes a
problem with the running of external programs with quoted arguments. Removed
old patch.

------- Comment #1 From Chet McNeill 2004-08-16 13:39:04 0000 -------
Created an attachment (id=37554) [details]
freeradius 1.0.0 ebuild

------- Comment #2 From Chet McNeill 2004-08-16 13:40:24 0000 -------
Created an attachment (id=37555) [details]
Patch to freeradius 1.0.0

fixes problem with running of external commands w/quoted args

------- Comment #3 From Alin Năstac 2004-09-19 16:17:04 0000 -------
Created an attachment (id=39967) [details]
freeradius-1.0.1.ebuild

This ebuild contains several modifications:
  - correction of use flag frnothred -> frnothread; However, in my opinion it
will be best to have just one global "thread" flag. After all, you could set
your flags on package level by using /etc/portage/package.use
  - correction for bug #42718 
  - --disable-static
  - creation of radiusd user & group
  - safe permissions on various directories

------- Comment #4 From Alin Năstac 2004-09-19 16:21:37 0000 -------
I forgot to mention in comment #3 that I've removed flag frlargefiles. Don't
see the point in making support for large files selectable by user. I took a
peek in other ebuilds and saw everywhere that where it's the case, large file
support is enabled.

------- Comment #5 From Matthias Geerdsen 2004-09-20 02:14:25 0000 -------
reassigning to security@g.o since freeradius 1.0.1 addresses security issues:

from http://www.freeradius.org/security.html
"2004.09.14 v1.0.0 - Multiple external DoS attacks exist in the server. These are related to the attacks below, in 0.9.2, but were not caught then. The vulnerabilities are fixed in 1.0.1, and in all later versions of the server. The vulnerabilities are not exploitable, but can be used to remotely crash the server."

from http://secunia.com/advisories/12570/
"Description:
Multiple unspecified vulnerabilities have been reported in FreeRADIUS, which can be exploited by malicious people to cause a DoS (Denial of Service).

No more information is currently available.

Solution:
Update to version 1.0.1 or later."

------- Comment #6 From Alin Năstac 2004-09-20 04:00:52 0000 -------
*** Bug 64738 has been marked as a duplicate of this bug. ***

------- Comment #7 From Sune Kloppenborg Jeppesen 2004-09-20 04:08:23 0000 -------
net-dialup please bump.

------- Comment #8 From Heinrich Wendel (RETIRED) 2004-09-20 05:12:28 0000 -------
*** Bug 57043 has been marked as a duplicate of this bug. ***

------- Comment #9 From Heinrich Wendel (RETIRED) 2004-09-20 05:22:59 0000 -------
added and marked stable on x86

------- Comment #10 From Heinrich Wendel (RETIRED) 2004-09-20 05:23:39 0000 -------
btw: good work alin ;)

------- Comment #11 From Sune Kloppenborg Jeppesen 2004-09-20 06:29:02 0000 -------
This one is ready for GLSA. Security please draft.

------- Comment #12 From Thierry Carrez (RETIRED) 2004-09-20 08:30:48 0000 -------
Just checked out, it's not stable on x86.
freeradius-1.0.1.ebuild: KEYWORDS="~x86 ~amd64"

lanius: could you correct it?

------- Comment #13 From Heinrich Wendel (RETIRED) 2004-09-20 11:01:51 0000 -------
sorry, stable on x86, amd64 needn't mark it stable since the previous versions
weren't

------- Comment #14 From Sune Kloppenborg Jeppesen 2004-09-22 03:21:19 0000 -------
GLSA 200409-29
