6

USN-832-1: FreeRADIUS vulnerability

view full story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-3111 Description:  =========================================================== Ubuntu Security Notice USN-832-1 September 16, 2009 freeradius vulnerability CVE-2009-3111 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: freeradius 1.1.7-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service. (Distributions)