FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeradius -- remote packet of death vulnerability

Affected packages
freeradius < 1.1.8


VuXML ID 1b3f854b-e4bd-11de-b276-000d8787e1be
Discovery 2009-09-09
Entry 2009-12-14
Modified 2009-12-14

freeRADIUS Vulnerability Notifications reports:

2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.

This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.


CVE Name CVE-2009-3111