FreeRADIUS Malformed USR VSA DoS

2004-09-15T05:38:12
ID OSVDB:11807
Type osvdb
Reporter OSVDB
Modified 2004-09-15T05:38:12

Description

Vulnerability Description

FreeRADIUS contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives a packet with a malformed USR VSA, which may cause it to call memcpy with a length value of -1. Because memcpy takes an unsigned length, -1 is interpreted as 0xffffffff, which causes it to enter an infinite loop and results in loss of availability for the service.

Solution Description

Upgrade to version 1.0.1 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Secunia Advisory ID: 12570
Secunia Advisory ID: 13193
Related OSVDB ID: 11806
RedHat RHSA: RHSA-2004:609
ISS X-Force ID: 17440
CVE-2004-0938
CVE-2004-0960
CVE-2004-0961
CERT VU: 541574
Bugtraq ID: 11222