The rad_decode function in FreeRADIUS prior to 1.1.8 allows remote malicious users to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 up to and including 8.11. NOTE: this is a regression error related to CVE-2003-0967.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
freeradius freeradius 0.2 |
||
freeradius freeradius 0.4 |
||
freeradius freeradius 1.0.3 |
||
freeradius freeradius 1.0.4 |
||
freeradius freeradius |
||
freeradius freeradius 1.0.2 |
||
freeradius freeradius 0.9 |
||
freeradius freeradius 0.8.1 |
||
freeradius freeradius 1.1.5 |
||
freeradius freeradius 1.0.5 |
||
freeradius freeradius 0.3 |
||
freeradius freeradius 0.8 |
||
freeradius freeradius 0.5 |
||
freeradius freeradius 1.0.1 |
||
freeradius freeradius 1.1.3 |
||
freeradius freeradius 0.9.1 |
||
freeradius freeradius 0.9.2 |
||
freeradius freeradius 0.9.3 |
||
freeradius freeradius 1.0.0 |
||
freeradius freeradius 1.1.0 |
||
freeradius freeradius 1.1.6 |
Vulmon