Fedora Update Notification
FEDORA-2004-076
2004-02-16
---------------------------------------------------------------------

Name        : freeradius
Version     : 0.9.3
Release     : 1.1
Summary     : High-performance and highly configurable free RADIUS server.
Description :
The FreeRADIUS Server Project is a high performance and highly configurable
GPL'd free RADIUS server. The server is similar in some respects to
Livingston's 2.0 server.  While FreeRADIUS started as a variant of the
Cistron RADIUS server, they don't share a lot in common any more. It now has
many more features than Cistron or Livingston, and is much more configurable.

FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
protocol, as defined in RFC 2865 (and others). It allows Network Access
Servers (NAS boxes) to perform authentication for dial-up users. There are
also RADIUS clients available for Web servers, firewalls, Unix logins, and
more.  Using RADIUS allows authentication and authorization for a network to
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.

---------------------------------------------------------------------

This version corrects a flaw in 0.9.2 (and all earlier versions of the
server) which may allow an attacker to DoS the server.
The bug does not look to be easily exploitable, as it overwrites the heap
(not the stack), and any exploit code must be in the form of a valid RADIUS
packet.

---------------------------------------------------------------------
This update can be downloaded from:
    

45682e5adaf0d649c3f4c30a4b7cb1af  SRPMS/freeradius-0.9.3-1.1.src.rpm
9642e1db1cf8955d4fc24040b73f3506  i386/freeradius-0.9.3-1.1.i386.rpm
55d0a73f2a1da031d8b3ad0775fb2512  i386/debug/freeradius-debuginfo-0.9.3-1.1.i386.rpm
421c75806a8e7e296c95ac831bccbb9d  i386/freeradius-mysql-0.9.3-1.1.i386.rpm
4c5f4346bbb56bb2c09fe31183c0af6a  i386/freeradius-postgresql-0.9.3-1.1.i386.rpm
7eed2b5cd2bbea4ec1064be038584caf  i386/freeradius-unixODBC-0.9.3-1.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: freeradius Denial of service vulnerability

February 18, 2004
This version corrects a flaw in 0.9.2 (and all earlier versions of the server) which may allow an attacker to DoS the server.
