Foundry Networks Inc. Information for VU#541574

freeRADIUS Server vulnerable to a denial-of-service attack

Status

Not Affected

Vendor Statement

Foundry switches and routers are not vulnerable.

Foundry does not utilize the freeRADIUS software in any of its product offerings.

Foundry does recommend that any customer using the freeRADIUS server should upgrade their freeRADIUS software. Servers that are not upgraded run the risk of being successfully attacked using this vulnerability, causing the device to crash and lose network connectivity. Devices using the IEEE 802.1x authentication mechanism would not be authenticated when the RADIUS server is down and would not be allowed access to the network.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.