Executive Summary

Summary
Title freeradius security update
Informations
Name RHSA-2009:1451 First vendor Publication 2009-09-17
Vendor RedHat Last vendor Modification 2009-09-17
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted RADIUS packet. (CVE-2009-3111)

Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

521912 - CVE-2009-3111 FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1451.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10917
 
Oval ID: oval:org.mitre.oval:def:10917
Title: rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
Description: rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0967
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13881
 
Oval ID: oval:org.mitre.oval:def:13881
Title: USN-832-1 -- freeradius vulnerability
Description: It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service.
Family: unix Class: patch
Reference(s): USN-832-1
CVE-2009-3111
 Version: 5
Platform(s): Ubuntu 8.04
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22232
 
Oval ID: oval:org.mitre.oval:def:22232
Title: ELSA-2009:1451: freeradius security update (Moderate)
Description: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
Family: unix Class: patch
Reference(s): ELSA-2009:1451-01
CVE-2009-3111
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29331
 
Oval ID: oval:org.mitre.oval:def:29331
Title: RHSA-2009:1451 -- freeradius security update (Moderate)
Description: Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
Family: unix Class: patch
Reference(s): RHSA-2009:1451
CESA-2009:1451-CentOS 5
CVE-2009-3111
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9919
 
Oval ID: oval:org.mitre.oval:def:9919
Title: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
Description: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3111
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 30

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for freeradius CESA-2009:1451 centos5 i386
File : nvt/gb_CESA-2009_1451_freeradius_centos5_i386.nasl
2010-05-12 Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006
File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl
2010-01-15 Name : Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)
File : nvt/gb_mandriva_MDVSA_2009_227_1.nasl
2009-12-30 Name : FreeBSD Ports: freeradius
File : nvt/freebsd_freeradius5.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1451 (freeradius)
File : nvt/ovcesa2009_1451.nasl
2009-11-11 Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : SLES10: Security update for freeradius
File : nvt/sles10_freeradius.nasl
2009-10-10 Name : SLES9: Security update for freeradius
File : nvt/sles9p5059720.nasl
2009-09-23 Name : FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
File : nvt/secpod_freeradius_tunnel_password_dos_vuln.nasl
2009-09-21 Name : RedHat Security Advisory RHSA-2009:1451
File : nvt/RHSA_2009_1451.nasl
2009-09-21 Name : Ubuntu USN-832-1 (freeradius)
File : nvt/ubuntu_832_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
57897 FreeRADIUS radiusd rad_decode Function Zero-length Tunnel-Password Attribute ...
2850 FreeRADIUS Tagged Attribute Handling DoS

FreeRADIUS 0.9.2, and earlier, contains a flaw that may allow a remote denial of service. The issue is triggered when reception of a malformed packet sent to the service occurs, and will result in loss of availability for the service. It is possible to crash the service due to a NULL pointer dereference bug, which can be exploited by sending an "Access-Request" packet containing a "Tunnel-Password" attribute.

Snort® IPS/IDS

Date Description
2014-01-10 FreeRADIUS RADIUS server rad_decode remote denial of service attempt
RuleID : 16209 - Revision : 8 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1451.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090917_freeradius_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freeradius-6528.nasl - Type : ACT_GATHER_INFO
2010-01-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-227.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1451.nasl - Type : ACT_GATHER_INFO
2009-12-15 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_1b3f854be4bd11deb276000d8787e1be.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO
2009-10-07 Name : The remote openSUSE host is missing a security update.
File : suse_freeradius-6496.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12507.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freeradius-6499.nasl - Type : ACT_GATHER_INFO
2009-09-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1451.nasl - Type : ACT_GATHER_INFO
2009-09-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-832-1.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2003-386.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:52:53
  • Multiple Updates
2013-05-11 00:51:07
  • Multiple Updates