1
PublicDateAtUSN: 2009-09-09
2
Candidate: CVE-2009-3111
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111
6
https://usn.ubuntu.com/usn/usn-832-1
8
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers
9
to cause a denial of service (radiusd crash) via zero-length
10
Tunnel-Password attributes, as demonstrated by a certain module in
11
VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression
12
error related to CVE-2003-0967.
15
kees> oss-security: "Version 2.X is not affected by this issue."
16
mdeslaur> PoC for CVE-2003-0967: http://marc.info/?l=bugtraq&m=106944220426970
23
upstream: http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4
24
upstream_freeradius: released (1.1.8)
25
dapper_freeradius: ignored (reached end-of-life)
26
hardy_freeradius: released (1.1.7-1ubuntu0.2)
27
intrepid_freeradius: not-affected
28
jaunty_freeradius: not-affected
29
karmic_freeradius: not-affected
30
devel_freeradius: not-affected