Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 09 Sep 2009 19:27:30 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>,
        Alan T DeKok <aland@...eradius.org>
Subject: Re: CVE Request -- FreeRADIUS 1.1.8

Hello Steve,

   short comment yet (to be exact). This flaw was further investigated based
on the flaws list, as mentioned in:

       http://intevydis.com/vd-list.shtml

Relevant FreeRADIUS record:

Freeradius (1)	
Name: 	 FreeRADIUS 1.1.7 DoS
Status: 	 0day
Details: 	 The exploit crashes 'radiusd' daemon.Found with ProtoVer testsuite.
Listener: 	 not necessary
Platform: 	 Linux x86
Vulndisco: 	 7.6

So once you assign a CVE identifier for the FreeRADIUS-1.1.8 DoS, there
is no need to assign another one for the above (to avoid dupes).

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Jan Lieskovsky wrote:
> Hello Steve, vendors,
> 
>   FreeRADIUS upstream has today released 1.1.8 version [1] [2],
> fixing one remote DoS issue in the handling of Tunnel-Password
> attributes. This was already fixed in 0.9.3 [3] version:
> 
>   FreeRADIUS 0.9.3 ; Date: 2003/11/20 20:15:48, urgency=high
>   * Fix a remote DoS and due to mis-handling of tagged attributes,
>     and Tunnel-Password attribute.
> 
> as CVE-2003-0967 [4], but managed to re-appear.
> 
> Upstream patch:
> ---------------
> http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 
> 
> 
> Affected versions:
> ------------------
> Issue confirmed in freeradius-1.1.3 up to freeradius-1.1.7,
> older freeradius-1.1.* version might be also affected.
> 
> Version 2.X is not affected by this issue.
> 
> References:
> -----------
> [1] http://freeradius.org/
> [2] 
> https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html 
> 
> [3] http://freeradius.org/radiusd/doc/ChangeLog
> [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0967
> [5] 
> http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 
> 
> [6] http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-11/0093.html 
> (PoC)
> [7] https://bugzilla.redhat.com/show_bug.cgi?id=521912
> 
> Could you please allocate a new CVE identifier?
> 
> Thanks && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ