GLSA 200311-04: FreeRADIUS: heap exploit and NULL pointer dereference vulnerability

http://security.gentoo.org/

Severity:	normal
Title:	FreeRADIUS: heap exploit and NULL pointer dereference vulnerability
Date:	11/23/2003
Bugs:	#33989
ID:	200311-04

Synopsis

FreeRADIUS is vulnerable to a heap exploit and a NULL pointer dereference vulnerability.

Background

FreeRADIUS is a popular open source RADIUS server.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
net-dialup/freeradius	<= 0.9.2	>= 0.9.3	All supported architectures

Description

FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however, the attack code must be in the form of a valid RADIUS packet which limits the possible exploits.

Also corrected in the 0.9.3 release is another vulnerability which causes the RADIUS server to de-reference a NULL pointer and crash when an Access-Request packet with a Tunnel-Password is received.

Impact

A remote attacker could craft a RADIUS packet which would cause the RADIUS server to crash, or could possibly overflow the heap resulting in a system compromise.

Workaround

There is no known workaround at this time.

Resolution

Users are encouraged to perform an 'emerge sync' and upgrade the package to the latest available version - 0.9.3 is available in portage and is marked as stable.

    # emerge sync
    # emerge -pv '>=net-dialup/freeradius-0.9.3'
    # emerge '>=net-dialup/freeradius-0.9.3'
    # emerge clean

References

SecurityTracker.com Security Alert

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200311-04.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.