Oval Definition:oval:com.redhat.rhsa:def:20030386
Revision Date:2003-12-10Version:503
Title:RHSA-2003:386: freeradius security update (Moderate)
Description:FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol. It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users.

The rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0967 to this issue. Users of FreeRADIUS are advised to upgrade to these erratum packages containing FreeRADIUS 0.9.3 which is not vulnerable to these issues.
Family:unixClass:patch
Status:Reference(s):CVE-2003-0967
RHSA-2003:386-02
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • freeradius-mysql is earlier than 0:0.9.3-1
  • AND freeradius-mysql is signed with Red Hat master key
  • OR
  • freeradius-postgresql is earlier than 0:0.9.3-1
  • AND freeradius-postgresql is signed with Red Hat master key
  • OR
  • freeradius-unixODBC is earlier than 0:0.9.3-1
  • AND freeradius-unixODBC is signed with Red Hat master key
  • OR
  • freeradius is earlier than 0:0.9.3-1
  • AND freeradius is signed with Red Hat master key
    • BACK