On Red Hat 9, upgrading whacked my dictionary entries.
I had to redo /etc/raddb/dictionary.
Ted
On Thu, 2003-11-20 at 16:43, Matthew Schumacher wrote:
> Alan,
>
> Thanks for your hard work... we all appreciate it.
>
> Alan DeKok wrote:
> > Bug reports are nice. Lack of notification is stupid.
> >
> > With that said, 0.9.3 has been released. It's in the normal places:
> >
> > ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz
> >
> > With PGP signature at:
> >
> > ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz.sig
> >
> > It is just 0.9.2 with a bug fixed, and the version number updated.
> >
> >
> > The original reporter threatened to release an exploit when I told
> > him I was unhappy with his lack of notification prior to the public
> > release of the vulnerability information. Blackmail is stupid.
> >
> > As it turns out, however, the problem isn't as bad as it could have
> > been. The bug he reported can cause the server to crash, but is
> > difficult to exploit. Any attack code MUST be in the form of a valid
> > RADIUS packet, which significantly limits the possible exploits.
> >
> > However, there was another bug which the reporter did NOT discover,
> > which causes the server to de-reference a NULL pointer, and thus
> > crash, whenever an Access-Request packet containing a Tunnel-Password
> > attribute is received.
> >
> > Both bugs have been fixed in 0.9.3, and in the CVS head.
> >
> > We recommend that everyone upgrade to 0.9.3 as soon as possible.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
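
Added example, not part of the original thread and not FreeRADIUS code: a defensive pre-filter that walks a RADIUS packet's attribute list with strict bounds checks and flags an Access-Request carrying Tunnel-Password, the packet shape the announcement above says crashes unpatched servers. RFC 2868 defines Tunnel-Password (attribute 69) only for Access-Accept, so such a request can be dropped or logged before it reaches the server. The function name, verdict values and sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants from RFC 2865 (header, Access-Request) and RFC 2868 (attr 69). */
#define RAD_HDR_LEN         20    /* code, id, length(2), authenticator(16) */
#define RAD_MAX_LEN         4096
#define RAD_ACCESS_REQUEST  1
#define RAD_TUNNEL_PASSWORD 69

enum rad_verdict { RAD_MALFORMED = -1, RAD_OK = 0, RAD_UNEXPECTED_ATTR = 1 };

/* Hypothetical pre-filter (name and verdicts are assumptions): walk the
 * attributes with strict bounds checks and flag an Access-Request carrying
 * Tunnel-Password, which RFC 2868 defines only for Access-Accept. */
enum rad_verdict rad_prefilter(const uint8_t *pkt, size_t rcvd)
{
    if (pkt == NULL || rcvd < RAD_HDR_LEN)
        return RAD_MALFORMED;
    size_t len = ((size_t)pkt[2] << 8) | pkt[3];      /* declared length */
    if (len < RAD_HDR_LEN || len > RAD_MAX_LEN || len > rcvd)
        return RAD_MALFORMED;
    for (size_t off = RAD_HDR_LEN; off < len; ) {
        if (len - off < 2)                   /* no room for type + length */
            return RAD_MALFORMED;
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > len - off)    /* attribute overruns packet */
            return RAD_MALFORMED;
        if (pkt[0] == RAD_ACCESS_REQUEST && type == RAD_TUNNEL_PASSWORD)
            return RAD_UNEXPECTED_ATTR;
        off += alen;
    }
    return RAD_OK;
}

/* Constructed samples (zero authenticator): User-Name "alice"; the same
 * header with a placeholder attribute 69; an attribute length overrun. */
static const uint8_t sample_ok[27]      = { 1, 1, 0, 27, [20] = 1, 7, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t sample_flagged[25] = { 1, 2, 0, 25, [20] = 69, 5, 0, 0, 0 };
static const uint8_t sample_overrun[24] = { 1, 3, 0, 24, [20] = 1, 9, 'a', 'b' };

int main(void)
{
    printf("%d %d %d\n", rad_prefilter(sample_ok, sizeof sample_ok),
           rad_prefilter(sample_flagged, sizeof sample_flagged),
           rad_prefilter(sample_overrun, sizeof sample_overrun));
    return 0;
}
```

A filter like this is a stopgap for hosts that cannot be upgraded immediately; the fix recommended in the announcement is still the upgrade to 0.9.3.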