Published: 07/10/2010 Updated: 08/10/2010

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x prior to 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote malicious users to cause a denial of service (daemon crash) by sending many requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freeradius freeradius 2.1.1
freeradius freeradius 2.1.0
freeradius freeradius 2.1.6
freeradius freeradius 2.1.3
freeradius freeradius 2.1.9
freeradius freeradius 2.1.7
freeradius freeradius 2.1.4
freeradius freeradius 2.1.2
freeradius freeradius 2.1.8

Debian Bug report logs - #600176 freeradius: CVE-2010-3696 CVE-2010-3697 Package: freeradius; Maintainer for freeradius is Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers@listsaliothdebianorg>; Source for freeradius is src:freeradius (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univen ...

CWE-399 http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223 http://www.openwall.com/lists/oss-security/2010/10/01/8 https://bugzilla.redhat.com/show_bug.cgi?id=639397 http://freeradius.org/press/index.html#2.1.10 http://secunia.com/advisories/41621 https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35 http://www.openwall.com/lists/oss-security/2010/10/01/3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600176 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-3697

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect