FreeRADIUS: heap exploit and NULL pointer dereference vulnerability
Gentoo Linux Security Advisory
||GLSA 200311-04 / FreeRADIUS
||November 23, 2003
||November 23, 2003: 01
All supported architectures
FreeRADIUS is vulnerable to a heap exploit and a NULL pointer dereference
FreeRADIUS is a popular open source RADIUS server.
FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however,
the attack code must be in the form of a valid RADIUS packet which limits
the possible exploits.
Also corrected in the 0.9.3 release is another vulnerability which causes
the RADIUS server to de-reference a NULL pointer and crash when an
Access-Request packet with a Tunnel-Password is received.
A remote attacker could craft a RADIUS packet which would cause the RADIUS
server to crash, or could possibly overflow the heap resulting in a system
There is no known workaround at this time.
Users are encouraged to perform an 'emerge sync' and upgrade the package to
the latest available version - 0.9.3 is available in portage and is marked
Code Listing 3.1: Resolution
# emerge sync
# emerge -pv '>=net-dialup/freeradius-0.9.3'
# emerge '>=net-dialup/freeradius-0.9.3'
# emerge clean