CVE-2010-3697

Publication date 7 October 2010

Last updated 24 July 2024


Ubuntu priority

The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.

Read the notes from the security team

Status

Package Ubuntu Release Status
freeradius 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life
10.04 LTS lucid
Not affected
9.10 karmic Ignored end of life
9.04 jaunty Ignored end of life
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected

Notes


mdeslaur

upstream has disputed this CVE, as the server would need to be down already, so no security impact.