Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 33989

Summary: freeradius heap exploit before version 0.9.3
Product: Gentoo Security Reporter: Oliver Graf <ograf>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: critical CC: rajiv, rphillips
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: New freeradius ebuild for fixed version 0.9.3

Description Oliver Graf 2003-11-20 23:05:26 UTC
freeradius has a heap exploit in all versions before 0.9.3. It is possible for
an attacker to DOS the radius server.

Solution: upgrade to 0.9.3

Reproducible: Always
Steps to Reproduce:
Send a compromised RADIUS paket to the server. It needs to have a
Tunnel-Password attribute inside.
Actual Results:  
The server crashes.

Expected Results:  
The server should not crash.

See release notes on http://freeradius.org/
Comment 1 Oliver Graf 2003-11-20 23:07:09 UTC
Created attachment 21018 [details]
New freeradius ebuild for fixed version 0.9.3

An version bounced ebuild of the 0.9.0 ebuild I submitted some months ago.

This is version 0.9.3 which has the heap dos exploit fixed.
Comment 2 Oliver Graf 2003-11-21 07:08:21 UTC
The original release mail for version 0.9.3 is here:
http://lists.cistron.nl/archives/freeradius-users/2003/11/msg00614.html

Oliver.
Comment 3 Ryan Phillips (RETIRED) gentoo-dev 2003-11-21 09:10:10 UTC
Committed.
Comment 4 solar (RETIRED) gentoo-dev 2003-11-22 17:39:27 UTC
This is ready for a GLSA now.
Comment 5 Ryan Phillips (RETIRED) gentoo-dev 2003-11-24 09:52:10 UTC
Rajiv: could you release a GLSA for this?
Comment 6 Tim Yamin (RETIRED) gentoo-dev 2003-11-25 11:38:40 UTC
GLSA 200311-04 sent out.