What is the vulnerability in REDHAT-BUG-639397?

The vulnerability in REDHAT-BUG-639397 is an error that can cause the FreeRADIUS process to crash when processing requests queued for more than 30 seconds.

Which versions are affected by REDHAT-BUG-639397?

REDHAT-BUG-639397 affects FreeRADIUS versions between 2.1.0 and 2.1.9.

How do I fix REDHAT-BUG-639397?

To fix REDHAT-BUG-639397, upgrade FreeRADIUS to version 2.1.10 or later.

What are the consequences of not addressing REDHAT-BUG-639397?

Not addressing REDHAT-BUG-639397 could lead to service interruptions due to process crashes under heavy request conditions.

Is there a workaround for REDHAT-BUG-639397?

There is no official workaround for REDHAT-BUG-639397, and the recommended action is to upgrade to a secure version.

Vulnerability/
REDHAT-BUG-639397

low

1/10/2010

26/3/2021

REDHAT-BUG-639397

First published: Fri Oct 01 2010(Updated: )

It was reported [1],[2] that an error when processing requests queued for more than 30 seconds in src/main/event.c could be exploited to cause the process to crash by sending a large number of requests for an extended period of time. This flaw seems to only affect 2.1.x and was fixed [3] in 2.1.10. [1] <a href="https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35">https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35</a> [2] <a href="http://secunia.com/advisories/41621">http://secunia.com/advisories/41621</a> [3] <a href="http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223">http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223</a> The offending file (event.c), nor the affected function (wait_for_child_to_die()) are not present in the version of freeradius as provided with Red Hat Enterprise Linux 5 (1.1.3).

Affected Software	Affected Version	How to fix
FreeRADIUS FreeRADIUS	>=2.1.0<2.1.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability in REDHAT-BUG-639397?
The vulnerability in REDHAT-BUG-639397 is an error that can cause the FreeRADIUS process to crash when processing requests queued for more than 30 seconds.
Which versions are affected by REDHAT-BUG-639397?
REDHAT-BUG-639397 affects FreeRADIUS versions between 2.1.0 and 2.1.9.
How do I fix REDHAT-BUG-639397?
To fix REDHAT-BUG-639397, upgrade FreeRADIUS to version 2.1.10 or later.
What are the consequences of not addressing REDHAT-BUG-639397?
Not addressing REDHAT-BUG-639397 could lead to service interruptions due to process crashes under heavy request conditions.
Is there a workaround for REDHAT-BUG-639397?
There is no official workaround for REDHAT-BUG-639397, and the recommended action is to upgrade to a secure version.

collector/redhat-bugzilla
alias/CVE-2010-3697
agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/references
agent/description
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/freeradius
canonical/freeradius freeradius

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.