full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDVSA-2009:227-1 ] freer

[Full-disclosure] [ MDVSA-2009:227-1 ] freeradius

From: <security_at_nospam>
Date: Mon Jan 11 2010 - 18:16:00 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2009:227-1  http://www.mandriva.com/security/
Package : freeradius Date : January 11, 2010 Affected: 2008.0
_______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in freeradius:  

 The rad_decode function in FreeRADIUS before 1.1.8 allows remote  attackers to cause a denial of service (radiusd crash) via zero-length  Tunnel-Password attributes. NOTE: this is a regression error related  to CVE-2003-0967 (CVE-2009-3111).  

 This update provides a solution to this vulnerability.

 Update:

 Packages for 2008.0 are provided for Corporate Desktop 2008.0  customers.


 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111


 Updated Packages:

 Mandriva Linux 2008.0: 5db7c7125fc6b64c4e19b41743a3d391 2008.0/i586/freeradius-1.1.7-2.1mdv2008.0.i586.rpm d59025aad5710dcf003b8edfe695848c 2008.0/i586/libfreeradius1-1.1.7-2.1mdv2008.0.i586.rpm 02aa3c297749e91957e097e9de134ce7 2008.0/i586/libfreeradius1-devel-1.1.7-2.1mdv2008.0.i586.rpm ddaa5a7e121c621798cf0358a245c5ce 2008.0/i586/libfreeradius1-krb5-1.1.7-2.1mdv2008.0.i586.rpm 1f0ea64c0787b93c42fb29fbd615baad 2008.0/i586/libfreeradius1-ldap-1.1.7-2.1mdv2008.0.i586.rpm c4f227f1f8f935148c0c7aeba688d3df 2008.0/i586/libfreeradius1-mysql-1.1.7-2.1mdv2008.0.i586.rpm 8f5eb11bfcf411b1854cec739a17e496 2008.0/i586/libfreeradius1-postgresql-1.1.7-2.1mdv2008.0.i586.rpm f44080d2bd42733cc640992d70f94399 2008.0/i586/libfreeradius1-unixODBC-1.1.7-2.1mdv2008.0.i586.rpm 088a48c14b01451f7799c2a0b3820f70 2008.0/SRPMS/freeradius-1.1.7-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64: d26be209e79a0da439d3489108650ea2 2008.0/x86_64/freeradius-1.1.7-2.1mdv2008.0.x86_64.rpm 082f9155c2f093e74c2186e708bebbe6 2008.0/x86_64/lib64freeradius1-1.1.7-2.1mdv2008.0.x86_64.rpm 4e3053bd6265f37ba4527c9738624473 2008.0/x86_64/lib64freeradius1-devel-1.1.7-2.1mdv2008.0.x86_64.rpm bc25d9c5adc3f7ce432fa20160616e45 2008.0/x86_64/lib64freeradius1-krb5-1.1.7-2.1mdv2008.0.x86_64.rpm 268827f99ffd55741d727725fc6236fd 2008.0/x86_64/lib64freeradius1-ldap-1.1.7-2.1mdv2008.0.x86_64.rpm 84f2e95d7c341e593d437cae273bf340 2008.0/x86_64/lib64freeradius1-mysql-1.1.7-2.1mdv2008.0.x86_64.rpm d3ea3f4db30aefbb571714904fa5f4fb 2008.0/x86_64/lib64freeradius1-postgresql-1.1.7-2.1mdv2008.0.x86_64.rpm a7a6e27406a4ec0bcdfc9a1399e21719 2008.0/x86_64/lib64freeradius1-unixODBC-1.1.7-2.1mdv2008.0.x86_64.rpm 088a48c14b01451f7799c2a0b3820f70 2008.0/SRPMS/freeradius-1.1.7-2.1mdv2008.0.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLSz96mqjQ0CJFipgRAhn1AKDrpsYazirmVWdmk9e2QVlhT/I23ACgnuZF tXu2ME6yDlg4jrTPfZ0jz5Q=
=b2h3
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/