Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:226 | First vendor Publication | 2009-09-09 |
Vendor | Mandriva | Last vendor Modification | 2009-09-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been found and corrected in freeradius: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111). This update provides a solution to this vulnerability. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:226 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10917 | |||
Oval ID: | oval:org.mitre.oval:def:10917 | ||
Title: | rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. | ||
Description: | rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0967 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13685 | |||
Oval ID: | oval:org.mitre.oval:def:13685 | ||
Title: | DSA-1957-1 aria2 -- buffer overflow | ||
Description: | It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 0.14.0-1+lenny1. Binaries for powerpc, arm, ia64 and hppa will be provided once they are available. The oldstable distribution is not affected by this problem. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.2.0-1. We recommend that you upgrade your aria2 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1957-1 CVE-2009-3575 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | aria2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13881 | |||
Oval ID: | oval:org.mitre.oval:def:13881 | ||
Title: | USN-832-1 -- freeradius vulnerability | ||
Description: | It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-832-1 CVE-2009-3111 | Version: | 5 |
Platform(s): | Ubuntu 8.04 | Product(s): | freeradius |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22232 | |||
Oval ID: | oval:org.mitre.oval:def:22232 | ||
Title: | ELSA-2009:1451: freeradius security update (Moderate) | ||
Description: | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1451-01 CVE-2009-3111 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | freeradius |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29331 | |||
Oval ID: | oval:org.mitre.oval:def:29331 | ||
Title: | RHSA-2009:1451 -- freeradius security update (Moderate) | ||
Description: | Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1451 CESA-2009:1451-CentOS 5 CVE-2009-3111 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | freeradius |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7022 | |||
Oval ID: | oval:org.mitre.oval:def:7022 | ||
Title: | DSA-1957 aria2 -- buffer overflow | ||
Description: | It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code. The oldstable distribution is not affected by this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1957 CVE-2009-3575 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | aria2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9919 | |||
Oval ID: | oval:org.mitre.oval:def:9919 | ||
Title: | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | ||
Description: | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3111 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for freeradius CESA-2009:1451 centos5 i386 File : nvt/gb_CESA-2009_1451_freeradius_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-01-20 | Name : Gentoo Security Advisory GLSA 201001-06 (aria2) File : nvt/glsa_201001_06.nasl |
2010-01-15 | Name : Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius) File : nvt/gb_mandriva_MDVSA_2009_227_1.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1957-1 (aria2) File : nvt/deb_1957_1.nasl |
2009-12-30 | Name : FreeBSD Ports: freeradius File : nvt/freebsd_freeradius5.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1451 (freeradius) File : nvt/ovcesa2009_1451.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-13 | Name : Fedora Core 10 FEDORA-2009-10344 (aria2) File : nvt/fcore_2009_10344.nasl |
2009-10-13 | Name : SLES10: Security update for freeradius File : nvt/sles10_freeradius.nasl |
2009-10-10 | Name : SLES9: Security update for freeradius File : nvt/sles9p5059720.nasl |
2009-09-23 | Name : FreeRADIUS Tunnel-Password Denial Of Service Vulnerability File : nvt/secpod_freeradius_tunnel_password_dos_vuln.nasl |
2009-09-21 | Name : RedHat Security Advisory RHSA-2009:1451 File : nvt/RHSA_2009_1451.nasl |
2009-09-21 | Name : Ubuntu USN-832-1 (freeradius) File : nvt/ubuntu_832_1.nasl |
2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:226 (aria2) File : nvt/mdksa_2009_226.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58708 | aria2 DHTRoutingTableDeserializer.cc deserialize() Function DHT Routing Table... A remote overflow exists in aria2. aria2 fails to check a boundary error in the deserialize() function in DHTRoutingTableDeserializer.cc resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
57897 | FreeRADIUS radiusd rad_decode Function Zero-length Tunnel-Password Attribute ... |
2850 | FreeRADIUS Tagged Attribute Handling DoS FreeRADIUS 0.9.2, and earlier, contains a flaw that may allow a remote denial of service. The issue is triggered when reception of a malformed packet sent to the service occurs, and will result in loss of availability for the service. It is possible to crash the service due to a NULL pointer dereference bug, which can be exploited by sending an "Access-Request" packet containing a "Tunnel-Password" attribute. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | FreeRADIUS RADIUS server rad_decode remote denial of service attempt RuleID : 16209 - Revision : 8 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1451.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090917_freeradius_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freeradius-6528.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-06.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1957.nasl - Type : ACT_GATHER_INFO |
2010-01-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-227.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1451.nasl - Type : ACT_GATHER_INFO |
2009-12-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1b3f854be4bd11deb276000d8787e1be.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_aria2-091014.nasl - Type : ACT_GATHER_INFO |
2009-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10344.nasl - Type : ACT_GATHER_INFO |
2009-10-07 | Name : The remote openSUSE host is missing a security update. File : suse_freeradius-6496.nasl - Type : ACT_GATHER_INFO |
2009-10-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12507.nasl - Type : ACT_GATHER_INFO |
2009-10-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freeradius-6499.nasl - Type : ACT_GATHER_INFO |
2009-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1451.nasl - Type : ACT_GATHER_INFO |
2009-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-832-1.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-226.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2003-386.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:40:41 |
|
2013-05-11 00:47:40 |
|