Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1967940197.1017111285964092127.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Fri, 1 Oct 2010 16:14:52 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: freeradius


----- "Vincent Danen" <vdanen@...hat.com> wrote:

> Requesting CVE names for two flaws fix in freeradius 2.1.10:
> 
> DoS via certain DHCP requests
> [1] https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77
> [2] http://secunia.com/advisories/41621
> [3] http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=639390

Use CVE-2010-3696


> 
> crash when processing requests queued for more than 30 seconds
> [1] https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35
> [2] http://secunia.com/advisories/41621
> [3] http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=639397
> 
> 
> Both issues only affect 2.1.x (1.1.x does not have the affected files or
> functions).  It looks as though the first issue only affected 2.1.9; I'm
> not yet sure if or how far the second issue may go back.
> 

Use CVE-2010-3697

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.