FreeRADIUS Ascend-Send-Secret Processing Remote DoS

2004-09-20T00:00:00
ID OSVDB:10178
Type osvdb
Reporter Evgeny Demidov(demidov@gleg.net)
Modified 2004-09-20T00:00:00

Description

Vulnerability Description

FreeRADIUS contains a flaw that may allow a remote denial of service. The issue is triggered when an Ascend-Send-Secret packet without an original packet occurs, and will result in loss of availability for the service.

Solution Description

Upgrade to version 1.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

FreeRADIUS contains a flaw that may allow a remote denial of service. The issue is triggered when an Ascend-Send-Secret packet without an original packet occurs, and will result in loss of availability for the service.

References:

Vendor URL: http://www.freeradius.org/ Vendor Specific Solution URL: http://www.freeradius.org/security.html Vendor Specific Advisory URL Security Tracker: 1011364 Secunia Advisory ID:12570 Secunia Advisory ID:13193 Related OSVDB ID: 11807 Related OSVDB ID: 11806 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0596.html ISS X-Force ID: 17440 CVE-2004-0938 CVE-2004-0960 CVE-2004-0961 Bugtraq ID: 11222