cvelistv5 - cve-2009-3111

CVE-2009-3111 (GCVE-0-2009-3111)

Vulnerability from cvelistv5 – Published: 2009-09-09 18:00 – Updated: 2024-08-07 06:14

Summary

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/36263	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://github.com/alandekok/freeradius-server/com…	x_refsource_CONFIRM
	https://lists.freeradius.org/pipermail/freeradius…	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/36509	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://intevydis.com/vd-list.shtml	x_refsource_MISC
	http://www.vupen.com/english/advisories/2009/3184	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.openwall.com/lists/oss-security/2009/09/09/1	mailing-listx_refsource_MLIST
	http://www.redhat.com/support/errata/RHSA-2009-14…	vendor-advisoryx_refsource_REDHAT
	http://support.apple.com/kb/HT3937	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36263"
          },
          {
            "name": "SUSE-SR:2009:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
          },
          {
            "name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
          },
          {
            "name": "36509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36509"
          },
          {
            "name": "oval:org.mitre.oval:def:9919",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://intevydis.com/vd-list.shtml"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
          },
          {
            "name": "RHSA-2009:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36263"
        },
        {
          "name": "SUSE-SR:2009:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
        },
        {
          "name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
        },
        {
          "name": "36509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36509"
        },
        {
          "name": "oval:org.mitre.oval:def:9919",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://intevydis.com/vd-list.shtml"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
        },
        {
          "name": "RHSA-2009:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36263",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36263"
            },
            {
              "name": "SUSE-SR:2009:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
            },
            {
              "name": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4",
              "refsource": "CONFIRM",
              "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
            },
            {
              "name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
              "refsource": "MLIST",
              "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
            },
            {
              "name": "36509",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36509"
            },
            {
              "name": "oval:org.mitre.oval:def:9919",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
            },
            {
              "name": "http://intevydis.com/vd-list.shtml",
              "refsource": "MISC",
              "url": "http://intevydis.com/vd-list.shtml"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
            },
            {
              "name": "RHSA-2009:1451",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3937"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3111",
    "datePublished": "2009-09-09T18:00:00",
    "dateReserved": "2009-09-09T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.7\", \"matchCriteriaId\": \"F6D6F259-6145-48C9-A81B-5A331F43A76D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AEDD86F-92B9-43EC-80E3-54010E249FC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFDB110B-4057-4BA4-993A-9DA14888A093\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52C8708B-4D1A-48A7-87DF-DF4B53E66D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0369C1A6-A0FE-4BF8-89F5-5ED384565DAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1638CC08-8886-4863-8532-883A8616592F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E4FD4F2-0449-4562-ABF2-927206CB77DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"636F3F00-97A5-4497-A6A9-722AFC5BD689\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EECDFCD7-0189-4C59-842D-C5F9064033A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD634946-ED9B-47EB-8D0F-88EA6057D17C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49152208-4DBD-4AF7-BCB3-3D56650899F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90AF846A-F239-4963-B260-7CB48334B8B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E95ADE53-BFBE-4B06-A1BF-EF576D567554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C48FE12-68CB-462D-B75E-204894325F5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1321F1E7-4B14-4B16-91D0-AE9E9951D12A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"313EFEC5-1580-4ACE-BB9C-84E3714F2C37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B93BEF0-09C1-4DF8-8761-582DE975F306\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F927232-6275-497E-BF09-B4DCF19642C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F07F89D7-504B-4892-9840-A3FED5274F5A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n rad_decode FreeRADIUS  anterior a v1.1.8, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda de radiusd) a trav\\u00e9s de los atributos zero-length Tunnel-Password. NOTA: esto es una regresi\\u00f3n al error relacionado con el CVE-2003-0967.\"}]",
      "id": "CVE-2009-3111",
      "lastModified": "2024-11-21T01:06:34.547",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-09-09T18:30:00.860",
      "references": "[{\"url\": \"http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://intevydis.com/vd-list.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/36509\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT3937\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2009/09/09/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1451.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/36263\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3184\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://intevydis.com/vd-list.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36509\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT3937\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2009/09/09/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1451.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/36263\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3111\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-09-09T18:30:00.860\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n rad_decode FreeRADIUS  anterior a v1.1.8, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de radiusd) a trav\u00e9s de los atributos zero-length Tunnel-Password. NOTA: esto es una regresi\u00f3n al error relacionado con el CVE-2003-0967.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.7\",\"matchCriteriaId\":\"F6D6F259-6145-48C9-A81B-5A331F43A76D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AEDD86F-92B9-43EC-80E3-54010E249FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFDB110B-4057-4BA4-993A-9DA14888A093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C8708B-4D1A-48A7-87DF-DF4B53E66D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0369C1A6-A0FE-4BF8-89F5-5ED384565DAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1638CC08-8886-4863-8532-883A8616592F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E4FD4F2-0449-4562-ABF2-927206CB77DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"636F3F00-97A5-4497-A6A9-722AFC5BD689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECDFCD7-0189-4C59-842D-C5F9064033A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD634946-ED9B-47EB-8D0F-88EA6057D17C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49152208-4DBD-4AF7-BCB3-3D56650899F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90AF846A-F239-4963-B260-7CB48334B8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E95ADE53-BFBE-4B06-A1BF-EF576D567554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C48FE12-68CB-462D-B75E-204894325F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1321F1E7-4B14-4B16-91D0-AE9E9951D12A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"313EFEC5-1580-4ACE-BB9C-84E3714F2C37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B93BEF0-09C1-4DF8-8761-582DE975F306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F927232-6275-497E-BF09-B4DCF19642C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F07F89D7-504B-4892-9840-A3FED5274F5A\"}]}]}],\"references\":[{\"url\":\"http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://intevydis.com/vd-list.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/36509\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3937\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/09/09/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1451.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/36263\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3184\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://intevydis.com/vd-list.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/09/09/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1451.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/36263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2009-AVI-384

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente dans FreeRADIUS permet à un utilisateur distant de provoquer un déni de service.

Description

Une vulnérabilité est présente dans FreeRADIUS. Elle est relative à la fonction rad_decode() et permet à un utilisateur distant de provoquer un déni de service par le biais d'un paquet de demande d'accès (Access-Request) construit de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La version 1.1.8 corrige le problème :

http://www.freeradius.org

FreeRADIUS versions 1.1.3 à 1.1.7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FreeRADIUS du 09 septembre 2009	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-832-1 du 16 septembre 2009 : http://www.ubuntu.com/usn/USN-832-1	-	other
Bulletin de sécurité RedHat RHSA-2009:1451-1 du 17 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFreeRADIUS versions 1.1.3 \u00e0 1.1.7.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans FreeRADIUS. Elle est relative \u00e0 la\nfonction rad_decode() et permet \u00e0 un utilisateur distant de provoquer un\nd\u00e9ni de service par le biais d\u0027un paquet de demande d\u0027acc\u00e8s\n(Access-Request) construit de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLa version 1.1.8 corrige le probl\u00e8me :\n\n    http://www.freeradius.org\n",
  "cves": [
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-832-1 du 16 septembre 2009    :      http://www.ubuntu.com/usn/USN-832-1",
      "url": "https://www.ubuntu.com/usn/USN-832-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1451-1 du 17    septembre 2009 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1451.html"
    }
  ],
  "reference": "CERTA-2009-AVI-384",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins RedHat et Ubuntu.",
      "revision_date": "2009-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans \u003cspan class=\"textit\"\u003eFreeRADIUS\u003c/span\u003e\npermet \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de FreeRADIUS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FreeRADIUS du 09 septembre 2009",
      "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
    }
  ]
}

CERTA-2009-AVI-487

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Apple MacOS X permettent entre autres l'exécution de code arbitraire à distance.

Description

L'éditeur Apple a publié un ensemble de correctifs pour les applications livrées avec son système d'exploitation Mac OS X. L'exploitation des vulnérabilités par une personne malintentionnée pourrait permettre, entre autres, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3937 du 09 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027\u00e9diteur Apple a publi\u00e9 un ensemble de correctifs pour les applications\nlivr\u00e9es avec son syst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation des\nvuln\u00e9rabilit\u00e9s par une personne malintentionn\u00e9e pourrait permettre,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2832"
    },
    {
      "name": "CVE-2009-3293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3293"
    },
    {
      "name": "CVE-2009-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2820"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2009-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
    },
    {
      "name": "CVE-2009-2839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2839"
    },
    {
      "name": "CVE-2009-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2825"
    },
    {
      "name": "CVE-2009-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2810"
    },
    {
      "name": "CVE-2009-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
    },
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2798"
    },
    {
      "name": "CVE-2007-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
    },
    {
      "name": "CVE-2009-2833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2833"
    },
    {
      "name": "CVE-2009-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2203"
    },
    {
      "name": "CVE-2009-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2823"
    },
    {
      "name": "CVE-2009-2840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2840"
    },
    {
      "name": "CVE-2009-2824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2824"
    },
    {
      "name": "CVE-2009-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2819"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-2838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2838"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2009-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2818"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2007-5707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
    },
    {
      "name": "CVE-2008-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2009-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
    },
    {
      "name": "CVE-2009-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
    },
    {
      "name": "CVE-2009-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2808"
    },
    {
      "name": "CVE-2009-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2830"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    },
    {
      "name": "CVE-2009-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2829"
    },
    {
      "name": "CVE-2009-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2826"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3291"
    },
    {
      "name": "CVE-2009-2837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2837"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    },
    {
      "name": "CVE-2009-2836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2836"
    },
    {
      "name": "CVE-2009-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2799"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-2835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2835"
    },
    {
      "name": "CVE-2009-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2831"
    },
    {
      "name": "CVE-2009-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3235"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    },
    {
      "name": "CVE-2009-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2828"
    },
    {
      "name": "CVE-2009-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2202"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-487",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3937 du 09 novembre 2009",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3937"
    }
  ]
}

CERTA-2009-AVI-487

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Apple MacOS X permettent entre autres l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3937 du 09 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027\u00e9diteur Apple a publi\u00e9 un ensemble de correctifs pour les applications\nlivr\u00e9es avec son syst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation des\nvuln\u00e9rabilit\u00e9s par une personne malintentionn\u00e9e pourrait permettre,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2832"
    },
    {
      "name": "CVE-2009-3293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3293"
    },
    {
      "name": "CVE-2009-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2820"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2009-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
    },
    {
      "name": "CVE-2009-2839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2839"
    },
    {
      "name": "CVE-2009-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2825"
    },
    {
      "name": "CVE-2009-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2810"
    },
    {
      "name": "CVE-2009-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
    },
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2798"
    },
    {
      "name": "CVE-2007-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
    },
    {
      "name": "CVE-2009-2833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2833"
    },
    {
      "name": "CVE-2009-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2203"
    },
    {
      "name": "CVE-2009-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2823"
    },
    {
      "name": "CVE-2009-2840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2840"
    },
    {
      "name": "CVE-2009-2824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2824"
    },
    {
      "name": "CVE-2009-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2819"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-2838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2838"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2009-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2818"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2007-5707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
    },
    {
      "name": "CVE-2008-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2009-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
    },
    {
      "name": "CVE-2009-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
    },
    {
      "name": "CVE-2009-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2808"
    },
    {
      "name": "CVE-2009-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2830"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    },
    {
      "name": "CVE-2009-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2829"
    },
    {
      "name": "CVE-2009-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2826"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3291"
    },
    {
      "name": "CVE-2009-2837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2837"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    },
    {
      "name": "CVE-2009-2836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2836"
    },
    {
      "name": "CVE-2009-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2799"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-2835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2835"
    },
    {
      "name": "CVE-2009-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2831"
    },
    {
      "name": "CVE-2009-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3235"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    },
    {
      "name": "CVE-2009-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2828"
    },
    {
      "name": "CVE-2009-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2202"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-487",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3937 du 09 novembre 2009",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3937"
    }
  ]
}

CERTA-2009-AVI-384

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente dans FreeRADIUS permet à un utilisateur distant de provoquer un déni de service.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La version 1.1.8 corrige le problème :

http://www.freeradius.org

FreeRADIUS versions 1.1.3 à 1.1.7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité FreeRADIUS du 09 septembre 2009	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-832-1 du 16 septembre 2009 : http://www.ubuntu.com/usn/USN-832-1	-	other
Bulletin de sécurité RedHat RHSA-2009:1451-1 du 17 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFreeRADIUS versions 1.1.3 \u00e0 1.1.7.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans FreeRADIUS. Elle est relative \u00e0 la\nfonction rad_decode() et permet \u00e0 un utilisateur distant de provoquer un\nd\u00e9ni de service par le biais d\u0027un paquet de demande d\u0027acc\u00e8s\n(Access-Request) construit de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLa version 1.1.8 corrige le probl\u00e8me :\n\n    http://www.freeradius.org\n",
  "cves": [
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-832-1 du 16 septembre 2009    :      http://www.ubuntu.com/usn/USN-832-1",
      "url": "https://www.ubuntu.com/usn/USN-832-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1451-1 du 17    septembre 2009 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1451.html"
    }
  ],
  "reference": "CERTA-2009-AVI-384",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins RedHat et Ubuntu.",
      "revision_date": "2009-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans \u003cspan class=\"textit\"\u003eFreeRADIUS\u003c/span\u003e\npermet \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de FreeRADIUS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FreeRADIUS du 09 septembre 2009",
      "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
    }
  ]
}

GSD-2009-3111

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3111

Aliases

CVE-2009-3111

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3111",
    "description": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.",
    "id": "GSD-2009-3111",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3111.html",
      "https://access.redhat.com/errata/RHSA-2009:1451",
      "https://linux.oracle.com/cve/CVE-2009-3111.html",
      "https://packetstormsecurity.com/files/cve/CVE-2009-3111"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3111"
      ],
      "details": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.",
      "id": "GSD-2009-3111",
      "modified": "2023-12-13T01:19:49.323769Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3111",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "36263",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36263"
          },
          {
            "name": "SUSE-SR:2009:018",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
          },
          {
            "name": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4",
            "refsource": "CONFIRM",
            "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
          },
          {
            "name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
            "refsource": "MLIST",
            "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
          },
          {
            "name": "36509",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36509"
          },
          {
            "name": "oval:org.mitre.oval:def:9919",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
          },
          {
            "name": "http://intevydis.com/vd-list.shtml",
            "refsource": "MISC",
            "url": "http://intevydis.com/vd-list.shtml"
          },
          {
            "name": "ADV-2009-3184",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "SUSE-SR:2009:016",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
          },
          {
            "name": "RHSA-2009:1451",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3937",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3937"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3111"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
            },
            {
              "name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
            },
            {
              "name": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
            },
            {
              "name": "RHSA-2009:1451",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3937"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "SUSE-SR:2009:018",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
            },
            {
              "name": "http://intevydis.com/vd-list.shtml",
              "refsource": "MISC",
              "tags": [],
              "url": "http://intevydis.com/vd-list.shtml"
            },
            {
              "name": "36263",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36263"
            },
            {
              "name": "36509",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36509"
            },
            {
              "name": "oval:org.mitre.oval:def:9919",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-09-09T18:30Z"
    }
  }
}

GHSA-Q2FP-FCX5-HFF3

Vulnerability from github – Published: 2022-05-02 03:41 – Updated: 2022-05-02 03:41

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3111"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-09T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.",
  "id": "GHSA-q2fp-fcx5-hff3",
  "modified": "2022-05-02T03:41:47Z",
  "published": "2022-05-02T03:41:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3111"
    },
    {
      "type": "WEB",
      "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
    },
    {
      "type": "WEB",
      "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
    },
    {
      "type": "WEB",
      "url": "http://intevydis.com/vd-list.shtml"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36509"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36263"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

RHSA-2009:1451

Vulnerability from csaf_redhat - Published: 2009-09-17 14:38 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: freeradius security update

Notes

Topic

Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted RADIUS packet. (CVE-2009-3111) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated freeradius packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "FreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1451",
        "url": "https://access.redhat.com/errata/RHSA-2009:1451"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "521912",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521912"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1451.json"
      }
    ],
    "title": "Red Hat Security Advisory: freeradius security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:11+00:00",
      "generator": {
        "date": "2025-11-21T17:35:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1451",
      "initial_release_date": "2009-09-17T14:38:00+00:00",
      "revision_history": [
        {
          "date": "2009-09-17T14:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-09-17T10:45:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.src",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.src",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.src"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3111",
      "discovery_date": "2009-09-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "521912"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.src",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3111"
        },
        {
          "category": "external",
          "summary": "RHBZ#521912",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521912"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3111",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3111"
        }
      ],
      "release_date": "2009-09-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-17T14:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1451"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967"
    }
  ]
}

RHSA-2009_1451

Vulnerability from csaf_redhat - Published: 2009-09-17 14:38 - Updated: 2024-11-22 03:00

Summary

Red Hat Security Advisory: freeradius security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated freeradius packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "FreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1451",
        "url": "https://access.redhat.com/errata/RHSA-2009:1451"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "521912",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521912"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1451.json"
      }
    ],
    "title": "Red Hat Security Advisory: freeradius security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:00:39+00:00",
      "generator": {
        "date": "2024-11-22T03:00:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2009:1451",
      "initial_release_date": "2009-09-17T14:38:00+00:00",
      "revision_history": [
        {
          "date": "2009-09-17T14:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-09-17T10:45:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:00:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.src",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.src",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-debuginfo@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-mysql@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-unixODBC@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
                "product": {
                  "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
                  "product_id": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/freeradius-postgresql@1.1.3-1.5.el5_4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.src"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
        },
        "product_reference": "freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3111",
      "discovery_date": "2009-09-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "521912"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src",
          "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
          "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.src",
          "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
          "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3111"
        },
        {
          "category": "external",
          "summary": "RHBZ#521912",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521912"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3111",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3111"
        }
      ],
      "release_date": "2009-09-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-17T14:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1451"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Client-Workstation:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Client-Workstation:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.src",
            "5Server:freeradius-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-debuginfo-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-mysql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-postgresql-0:1.1.3-1.5.el5_4.x86_64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.i386",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ia64",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.ppc",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.s390x",
            "5Server:freeradius-unixODBC-0:1.1.3-1.5.el5_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967"
    }
  ]
}

FKIE_CVE-2009-3111

Vulnerability from fkie_nvd - Published: 2009-09-09 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4	Patch
cve@mitre.org	http://intevydis.com/vd-list.shtml
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
cve@mitre.org	http://secunia.com/advisories/36509
cve@mitre.org	http://support.apple.com/kb/HT3937
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/09/09/1	Patch
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-1451.html
cve@mitre.org	http://www.securityfocus.com/bid/36263
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3184
cve@mitre.org	https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919
af854a3a-2127-422b-91ae-364da2661108	http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4	Patch
af854a3a-2127-422b-91ae-364da2661108	http://intevydis.com/vd-list.shtml
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36509
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3937
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/09/09/1	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1451.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36263
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3184
af854a3a-2127-422b-91ae-364da2661108	https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919

Impacted products

Vendor	Product	Version
freeradius	freeradius	*
freeradius	freeradius	0.2
freeradius	freeradius	0.3
freeradius	freeradius	0.4
freeradius	freeradius	0.5
freeradius	freeradius	0.8
freeradius	freeradius	0.8.1
freeradius	freeradius	0.9
freeradius	freeradius	0.9.1
freeradius	freeradius	0.9.2
freeradius	freeradius	0.9.3
freeradius	freeradius	1.0.0
freeradius	freeradius	1.0.1
freeradius	freeradius	1.0.2
freeradius	freeradius	1.0.3
freeradius	freeradius	1.0.4
freeradius	freeradius	1.0.5
freeradius	freeradius	1.1.0
freeradius	freeradius	1.1.3
freeradius	freeradius	1.1.5
freeradius	freeradius	1.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D6F259-6145-48C9-A81B-5A331F43A76D",
              "versionEndIncluding": "1.1.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AEDD86F-92B9-43EC-80E3-54010E249FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFDB110B-4057-4BA4-993A-9DA14888A093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C8708B-4D1A-48A7-87DF-DF4B53E66D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0369C1A6-A0FE-4BF8-89F5-5ED384565DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1638CC08-8886-4863-8532-883A8616592F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E4FD4F2-0449-4562-ABF2-927206CB77DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "636F3F00-97A5-4497-A6A9-722AFC5BD689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECDFCD7-0189-4C59-842D-C5F9064033A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD634946-ED9B-47EB-8D0F-88EA6057D17C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49152208-4DBD-4AF7-BCB3-3D56650899F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AF846A-F239-4963-B260-7CB48334B8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95ADE53-BFBE-4B06-A1BF-EF576D567554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C48FE12-68CB-462D-B75E-204894325F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1321F1E7-4B14-4B16-91D0-AE9E9951D12A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "313EFEC5-1580-4ACE-BB9C-84E3714F2C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B93BEF0-09C1-4DF8-8761-582DE975F306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F927232-6275-497E-BF09-B4DCF19642C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07F89D7-504B-4892-9840-A3FED5274F5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n rad_decode FreeRADIUS  anterior a v1.1.8, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de radiusd) a trav\u00e9s de los atributos zero-length Tunnel-Password. NOTA: esto es una regresi\u00f3n al error relacionado con el CVE-2003-0967."
    }
  ],
  "id": "CVE-2009-3111",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-09T18:30:00.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://intevydis.com/vd-list.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36509"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36263"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://intevydis.com/vd-list.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3111 (GCVE-0-2009-3111)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature