Oval Definition:	oval:org.mitre.oval:def:9919
Revision Date: 2013-04-29 Version: 12 Title: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. Description: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-3111 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section freeradius-mysql is earlier than 0:1.1.3-1.5.el5_4 OR freeradius-unixODBC is earlier than 0:1.1.3-1.5.el5_4 OR freeradius is earlier than 0:1.1.3-1.5.el5_4 OR freeradius-postgresql is earlier than 0:1.1.3-1.5.el5_4
BACK