CVE-2009-3111

EUVD-2009-3094
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
freeradiusfreeradius
𝑥
≤ 1.1.7
freeradiusfreeradius
0.2
freeradiusfreeradius
0.3
freeradiusfreeradius
0.4
freeradiusfreeradius
0.5
freeradiusfreeradius
0.8
freeradiusfreeradius
0.8.1
freeradiusfreeradius
0.9
freeradiusfreeradius
0.9.1
freeradiusfreeradius
0.9.2
freeradiusfreeradius
0.9.3
freeradiusfreeradius
1.0.0
freeradiusfreeradius
1.0.1
freeradiusfreeradius
1.0.2
freeradiusfreeradius
1.0.3
freeradiusfreeradius
1.0.4
freeradiusfreeradius
1.0.5
freeradiusfreeradius
1.1.0
freeradiusfreeradius
1.1.3
freeradiusfreeradius
1.1.5
freeradiusfreeradius
1.1.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeradius
bookworm
3.2.1+dfsg-4+deb12u1
fixed
bullseye
3.0.21+dfsg-2.2+deb11u1
fixed
sid
3.2.5+dfsg-3
fixed
trixie
3.2.5+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeradius
dapper
ignored
hardy
Fixed 1.1.7-1ubuntu0.2
released
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
References
http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4
http://intevydis.com/vd-list.shtml
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://secunia.com/advisories/36509
http://support.apple.com/kb/HT3937
http://www.openwall.com/lists/oss-security/2009/09/09/1
http://www.redhat.com/support/errata/RHSA-2009-1451.html
http://www.securityfocus.com/bid/36263
http://www.vupen.com/english/advisories/2009/3184
https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919
http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4
http://intevydis.com/vd-list.shtml
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://secunia.com/advisories/36509
http://support.apple.com/kb/HT3937
http://www.openwall.com/lists/oss-security/2009/09/09/1
http://www.redhat.com/support/errata/RHSA-2009-1451.html
http://www.securityfocus.com/bid/36263
http://www.vupen.com/english/advisories/2009/3184
https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919