Foundry Networks Inc. Information for VU#541574
freeRADIUS Server vulnerable to a denial-of-service attack
- Vendor Information Help Date Notified: 05 Oct 2004
- Statement Date:
- Date Updated: 06 Oct 2004
Foundry switches and routers are not vulnerable.
Foundry does not utilize the freeRADIUS software in any of its product offerings.
Foundry does recommend that any customer using the freeRADIUS server should upgrade their freeRADIUS software. Servers that are not upgraded run the risk of being successfully attacked using this vulnerability, causing the device to crash and lose network connectivity. Devices using the IEEE 802.1x authentication mechanism would not be authenticated when the RADIUS server is down and would not be allowed access to the network.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.