Vigil@nce: FreeRADIUS, memory corruption via Tunnel-Password
September 2009 by Vigil@nce
An attacker can send malicious data to the FreeRADIUS server, in
order to cause a denial of service or to execute code.
– Severity: 2/4
– Consequences: privileged access/rights, denial of service
– Provenance: intranet client
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/09/2009
IMPACTED PRODUCTS
– Mandriva Corporate
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The VIGILANCE-VUL-3878 (https://vigilance.fr/tree/1/3878) bulletin
describes a memory corruption, which was corrected in FreeRADIUS
version 0.9.3, in November 2003.
However, the same vulnerability was reintroduced in the source
code of the 1.1 branch, and impacts versions earlier than 1.1.8.
An attacker can therefore send malicious data to the FreeRADIUS
server, in order to cause a denial of service or to execute
code.
CHARACTERISTICS
– Identifiers: CVE-2009-3111, MDVSA-2009:226, VIGILANCE-VUL-9016
– Pointed by: VIGILANCE-VUL-9000
– Url: http://vigilance.fr/vulnerability/FreeRADIUS-memory-corruption-via-Tunnel-Password-9016