Vulnerability Note VU#541574
freeRADIUS Server vulnerable to a denial-of-service attack
Multiple vulnerabilities in freeRADIUS Server may allow attackers to cause a denial-of-service condition.
The Remote Authentication Dial In User Service (RADIUS) protocol is used for remote user authentication and accounting. freeRADIUS Server is an popular open-source RADIUS server.
According to freeRADIUS, three independent bugs in freeRADIUS Server versions 0.8.0 to 1.0.0 inclusive, may cause a denial-of-service condition.
A remote attacker may be able to crash the freeRADIUS Server causing a denial-of-service condition.
Limit Access to freeRADIUS
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Debian||Affected||05 Oct 2004||18 Oct 2004|
|FreeRADIUS||Affected||28 Sep 2004||29 Sep 2004|
|Apple Computer Inc.||Not Affected||05 Oct 2004||01 Feb 2005|
|Chiaro Networks||Not Affected||05 Oct 2004||07 Oct 2004|
|Foundry Networks Inc.||Not Affected||05 Oct 2004||06 Oct 2004|
|Hitachi||Not Affected||05 Oct 2004||08 Oct 2004|
|Intoto||Not Affected||05 Oct 2004||14 Oct 2004|
|Stonesoft||Not Affected||05 Oct 2004||07 Oct 2004|
|3Com||Unknown||05 Oct 2004||05 Oct 2004|
|Alcatel||Unknown||05 Oct 2004||05 Oct 2004|
|AT&T||Unknown||05 Oct 2004||05 Oct 2004|
|Avaya||Unknown||05 Oct 2004||05 Oct 2004|
|Avici Systems Inc.||Unknown||05 Oct 2004||05 Oct 2004|
|Borderware||Unknown||05 Oct 2004||05 Oct 2004|
|BSDI||Unknown||05 Oct 2004||11 Oct 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly repoted by Secunia Security Advisories.
We thank Alan T. DeKok of freeRADIUS for providing information regarding this vulnerability.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2004-0938
- Date Public: 20 Sep 2004
- Date First Published: 06 Oct 2004
- Date Last Updated: 01 Feb 2005
- Severity Metric: 2.83
- Document Revision: 129
If you have feedback, comments, or additional information about this vulnerability, please send us email.