CVE-2009-3111
Publication date 9 September 2009
Last updated 24 July 2024
Ubuntu priority
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
Status
Package | Ubuntu Release | Status |
---|---|---|
freeradius | 9.10 karmic |
Not affected
|
9.04 jaunty |
Not affected
|
|
8.10 intrepid |
Not affected
|
|
8.04 LTS hardy |
Fixed 1.1.7-1ubuntu0.2
|
|
6.06 LTS dapper | Ignored end of life |