ID de Prueba:	1.3.6.1.4.1.25623.1.0.900856
Categoría:	Denial of Service
Título:	FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
Resumen:	FreeRADIUS is prone to a Denial of Service vulnerability.
Descripción:	Summary: FreeRADIUS is prone to a Denial of Service vulnerability. Vulnerability Insight: The flaws are due to: - An error in the 'rad_decode()' function in 'src/lib/radius.c' which can be exploited via zero-length Tunnel-Password attributes. - An unspecified error that can be exploited to crash the 'radiusd' daemon. Vulnerability Impact: Successful exploitation will allow an attacker to crash the service. Affected Software/OS: FreeRADIUS version prior to 1.1.8. Solution: Upgrade to version 1.1.8. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3111 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 36263 http://www.securityfocus.com/bid/36263 http://intevydis.com/vd-list.shtml https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html http://www.openwall.com/lists/oss-security/2009/09/09/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919 http://www.redhat.com/support/errata/RHSA-2009-1451.html http://secunia.com/advisories/36509 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.vupen.com/english/advisories/2009/3184
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.