Check Point Advisories

Preemptive Protection against FreeRADIUS RADIUS Server rad_decode Remote Denial of Service

Check Point Reference: CPAI-2009-235
Date Published: 23 Sep 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA36676
Industry Reference: CVE-2009-3111
Protection Provided by:
Who is Vulnerable? FreeRADIUS Project RADIUS Server 1.1.7 and prior
Vulnerability Description: A denial of service vulnerability has been reported in the FreeRADIUS RADIUS Server. The vulnerability is due to improper handling of Access-Request packets containing the Tunnel-Password attribute. A malicious user can exploit this vulnerability by sending a specially crafted "Tunnel-Password" attribute in an "Access-Request" packet to the server, possibly causing a denial of service condition.
Update/Patch Available: The vendor has released an advisory regarding this issue:
https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
Vulnerability Details: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) services for users who connect to and use network resources. The vulnerability is due to improper handling of Access-Request packets containing the Tunnel-Password attribute.
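
Added example (not Check Point's or FreeRADIUS's code): a bounds-checked RADIUS attribute walker that flags Access-Request datagrams carrying a Tunnel-Password attribute, which RFC 2868 permits only in Access-Accept. The function names and the sample packets are constructed for illustration; the header layout and attribute numbers are taken from RFC 2865 and RFC 2868.

```python
import struct

ACCESS_REQUEST = 1      # RADIUS packet code (RFC 2865)
TUNNEL_PASSWORD = 69    # attribute type (RFC 2868)
HEADER_LEN = 20         # code, identifier, length, 16-byte authenticator


def iter_attributes(packet: bytes):
    """Yield (type, value) per attribute; raise ValueError on bad framing."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field disagrees with datagram size")
    pos = HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        # attr_len counts its own two header bytes, so values below 2 are invalid
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length out of bounds")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def classify(packet: bytes) -> str:
    """Return 'ok', 'suspicious' or 'malformed' for one RADIUS datagram."""
    try:
        attrs = list(iter_attributes(packet))
    except ValueError:
        return "malformed"
    if packet[0] == ACCESS_REQUEST and any(t == TUNNEL_PASSWORD for t, _ in attrs):
        return "suspicious"  # Tunnel-Password belongs only in Access-Accept
    return "ok"


def build(code: int, attrs) -> bytes:
    """Constructed-sample helper: assemble a datagram with a zero authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, HEADER_LEN + len(body)) + bytes(16) + body


if __name__ == "__main__":
    user = (1, b"alice")                         # constructed User-Name
    tunnel = (69, b"\x01\x80\x01" + bytes(16))   # constructed tag, salt, filler
    for pkt in (build(1, [user]), build(1, [user, tunnel]), build(2, [user, tunnel])):
        print(classify(pkt))
```

A "suspicious" or "malformed" result on traffic bound for a server running 1.1.7 or earlier is worth logging and dropping upstream until the vendor fix is applied.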

Protection Overview
