'[oss-security] CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packe'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packe
From:       Huzaifa Sidhpurwala <huzaifas () redhat ! com>
Date:       2015-07-31 6:46:05
Message-ID: 55BB16DD.2000206 () redhat ! com
[Download RAW message or body]

The FreeRADIUS project has reported a flaw that affects the EAP-PWD
module of the freeradius package versions 3.0 up to 3.0.8. This module
is not enabled by default, so administrators must have manually enabled
it for their servers to be vulnerable.

Reference:
http://freeradius.org/security.html#eap-pwd-2015

Can a CVE id be please assigned to this flaw?

-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic