Vulnerabilities > CVE-2009-3111 - Unspecified vulnerability in Freeradius
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
Vulnerable Configurations
Exploit-Db
description | FreeRadius < 1.1.8 Zero-length Tunnel-Password DoS Exploit (CVE-2009-3111). CVE-2009-3111. DoS exploits for multiple platforms |
id | EDB-ID:9642 |
last seen | 2016-02-01 |
modified | 2009-09-11 |
published | 2009-09-11 |
reporter | Matthew Gillespie |
source | https://www.exploit-db.com/download/9642/ |
title | FreeRadius < 1.1.8 - Zero-length Tunnel-Password DoS Exploit |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42433 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42433 title Mac OS X Multiple Vulnerabilities (Security Update 2009-006) code
#
# (C) Tenable Network Security, Inc.
#

# Local patch-presence check: decides from cached host data whether
# Security Update 2009-006 (or a later security update) is installed.
# As written it only reads knowledge-base items; it sends nothing to
# the FreeRADIUS service or to any other bundled component.

# Refuse to run on engines that lack bn_random() or are older than level 3000.
if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

# Registration pass: with `description` set, only the metadata below is
# recorded and the script exits before any host data is examined.
if (description)
{
  script_id(42433);
  script_version("1.27");

  # One plugin covers every CVE fixed by the update; CVE-2009-3111 is the
  # FreeRADIUS entry among them.
  script_cve_id(
    "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161",
    "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574",
    "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955",
    "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411",
    "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666",
    "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820",
    "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826",
    "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831",
    "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837",
    "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111",
    "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293"
  );
  script_bugtraq_id(
    26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983,
    36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972,
    36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990
  );

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
  script_summary(english:"Check for the presence of Security Update 2009-006");

  script_set_attribute(attribute:"synopsis", value:"The remote host is missing a Mac OS X update that fixes various security issues.");
  script_set_attribute(attribute:"description", value:"The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3937");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255");
  script_set_attribute(attribute:"solution", value:"Install Security Update 2009-006 or later.");

  # The CVSS vectors and the exploit attributes are set once for the whole
  # update, so they apply to the bundle of CVEs above rather than to any single
  # entry. CVE-2009-3111 on its own is described on this page as a radiusd
  # crash (denial of service).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
  script_cvs_date("Date: 2018/07/16 12:48:31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  # Both required KB items are read below, so the plugin needs the output of
  # ssh_get_info.nasl from an earlier run.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}

# Step 1: the cached uname string must be present and must contain a Darwin version.
uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

darwin_re = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
if (!ereg(pattern:darwin_re, string:uname))
  exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");

darwin_ver = ereg_replace(pattern:darwin_re, replace:"\1", string:uname);

# Step 2: only Darwin 9.0 through 9.8 is examined, and the pattern also needs a
# dot after the minor number. Every other kernel version ends here with a
# "not affected" message, without any look at the installed packages.
# NOTE(review): read that result as "outside this plugin's scope".
if (!ereg(pattern:"^(9\.[0-8]\.)", string:darwin_ver))
  exit(0, "The host is running Darwin kernel version "+darwin_ver+" and therefore is not affected.");

# Step 3: look for the update's receipt in the cached BOM list.
bom_list = get_kb_item("Host/MacOSX/packages/boms");
if (!bom_list) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

# A receipt for Security Update 2009-006 through 2009-009, or for any security
# update numbered 2010 through 2099, counts as patched.
fixed_bom_re = "^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom";
if (egrep(pattern:fixed_bom_re, string:bom_list))
  exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");

# No matching receipt: report the host as missing the update.
security_hole(0);
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-832-1.NASL description It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 41006 published 2009-09-17 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41006 title Ubuntu 8.04 LTS : freeradius vulnerability (USN-832-1) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-832-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

# Local package check for CVE-2009-3111 on Ubuntu 8.04 LTS: each freeradius
# package is compared against the fixed build 1.1.7-1ubuntu0.2. As written
# the script only reads knowledge-base items; whether radiusd is running or
# reachable on the host is not part of the check.

include("compat.inc");

# Registration pass: record the plugin metadata and stop.
if (description)
{
  script_id(41006);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2009-3111");
  script_xref(name:"USN", value:"832-1");

  script_name(english:"Ubuntu 8.04 LTS : freeradius vulnerability (USN-832-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(attribute:"synopsis", value:"The remote Ubuntu host is missing one or more security-related patches.");
  script_set_attribute(attribute:"description", value:"It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/832-1/");
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # Network-reachable, no authentication, partial availability impact only:
  # the score describes a service crash, matching the advisory text above.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-dialupadmin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-iodbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius-postgresql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Preconditions, in the order they are audited: local checks enabled, an
# Ubuntu release string equal to 8.04, and a cached dpkg package list.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/Ubuntu/release");
if (isnull(release))
  audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (!ereg(pattern:"^(8\.04)$", string:release))
  audit(AUDIT_OS_NOT, "Ubuntu 8.04", "Ubuntu " + release);

if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: anything other than x86_64 or i386 through i686 is
# audited as "local checks not implemented", so such a host gets no verdict
# on the package version from this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

# Every freeradius binary package is tested against the same fixed version;
# the counter records how many checks came back positive.
fr_pkgs = make_list(
  "freeradius",
  "freeradius-dbg",
  "freeradius-dialupadmin",
  "freeradius-iodbc",
  "freeradius-krb5",
  "freeradius-ldap",
  "freeradius-mysql",
  "freeradius-postgresql"
);

hits = 0;
foreach fr_pkg (fr_pkgs)
{
  if (ubuntu_check(osver:"8.04", pkgname:fr_pkg, pkgver:"1.1.7-1ubuntu0.2"))
    hits++;
}

# At least one positive check: report at warning severity, attaching the
# text returned by ubuntu_report_get().
if (hits > 0)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: the audit message depends on whether
  # ubuntu_pkg_tests_get() returned anything.
  checked = ubuntu_pkg_tests_get();
  if (checked)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius / freeradius-dbg / freeradius-dialupadmin / etc");
}
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1451.NASL description Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 41008 published 2009-09-18 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41008 title RHEL 5 : freeradius (RHSA-2009:1451) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1451.NASL description From Red Hat Security Advisory 2009:1451 : Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. 
(CVE-2009-3111) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 67926 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67926 title Oracle Linux 5 : freeradius (ELSA-2009-1451) NASL family Scientific Linux Local Security Checks NASL id SL_20090917_FREERADIUS_ON_SL5_X.NASL description CVE-2009-3111 FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967 An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111) After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 60666 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60666 title Scientific Linux Security Update : freeradius on SL5.x i386/x86_64 NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-227.NASL description A vulnerability has been found and corrected in freeradius : The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111). This update provides a solution to this vulnerability. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. 
last seen 2020-06-01 modified 2020-06-02 plugin id 43851 published 2010-01-12 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43851 title Mandriva Linux Security Advisory : freeradius (MDVSA-2009:227-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1B3F854BE4BD11DEB276000D8787E1BE.NASL description freeRADIUS Vulnerability Notifications reports : 2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability. This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected. last seen 2020-06-01 modified 2020-06-02 plugin id 43161 published 2009-12-15 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43161 title FreeBSD : freeradius -- remote packet of death vulnerability (1b3f854b-e4bd-11de-b276-000d8787e1be) NASL family SuSE Local Security Checks NASL id SUSE_FREERADIUS-6499.NASL description This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111) last seen 2020-06-01 modified 2020-06-02 plugin id 41966 published 2009-10-02 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41966 title SuSE 10 Security Update : freeradius (ZYPP Patch Number 6499) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1451.NASL description Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5. 
This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 43791 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43791 title CentOS 5 : freeradius (CESA-2009:1451) NASL family SuSE Local Security Checks NASL id SUSE_FREERADIUS-6528.NASL description This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111) last seen 2020-06-01 modified 2020-06-02 plugin id 49853 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49853 title SuSE 10 Security Update : freeradius (ZYPP Patch Number 6528) NASL family SuSE Local Security Checks NASL id SUSE_FREERADIUS-6496.NASL description This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. 
(CVE-2009-3111) last seen 2020-06-01 modified 2020-06-02 plugin id 42049 published 2009-10-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42049 title openSUSE 10 Security Update : freeradius (freeradius-6496) NASL family SuSE Local Security Checks NASL id SUSE9_12507.NASL description This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111) last seen 2020-06-01 modified 2020-06-02 plugin id 41964 published 2009-10-02 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41964 title SuSE9 Security Update : freeradius (YOU Patch Number 12507)
Oval
accepted | 2013-04-29T04:23:19.277-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. |
family | unix |
id | oval:org.mitre.oval:def:9919 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. |
version | 18 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/81198/freeradius-dos.txt |
id | PACKETSTORM:81198 |
last seen | 2016-12-05 |
published | 2009-09-11 |
reporter | Matthew Gillespie |
source | https://packetstormsecurity.com/files/81198/FreeRadius-Packet-Of-Death.html |
title | FreeRadius Packet Of Death |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:14525 |
last seen | 2017-11-19 |
modified | 2009-09-11 |
published | 2009-09-11 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-14525 |
title | FreeRadius < 1.1.8 Zero-length Tunnel-Password DoS Exploit (CVE-2009-3111) |
References
- http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4
- http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4
- http://intevydis.com/vd-list.shtml
- http://intevydis.com/vd-list.shtml
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://secunia.com/advisories/36509
- http://secunia.com/advisories/36509
- http://support.apple.com/kb/HT3937
- http://support.apple.com/kb/HT3937
- http://www.openwall.com/lists/oss-security/2009/09/09/1
- http://www.openwall.com/lists/oss-security/2009/09/09/1
- http://www.redhat.com/support/errata/RHSA-2009-1451.html
- http://www.redhat.com/support/errata/RHSA-2009-1451.html
- http://www.securityfocus.com/bid/36263
- http://www.securityfocus.com/bid/36263
- http://www.vupen.com/english/advisories/2009/3184
- http://www.vupen.com/english/advisories/2009/3184
- https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
- https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919