Check Point Advisories

FreeRADIUS RADIUS Server rad_decode Remote Denial of Service (CVE-2009-3111)

Vulnerability
Protection

Check Point Reference:	CPAI-2009-419
Date Published:	1 Feb 2010
Severity:	High
Last Updated:	Tuesday 08 August, 2023
Source:
Industry Reference:	CVE-2009-3111
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) services for users to connect and utilize network resources. RADIUS is a client/server protocol that runs in the application layer using the UDP transport protocol. A RADIUS server will listen on UDP/1812 port for authentication traffic from clients. FreeRADIUS RADIUS Server is an open source implementation of the RADIUS protocol. A denial of service vulnerability exists in FreeRADIUS RADIUS Server. The vulnerability is due to an error when processing crafted RADIUS Access-Request packets. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted attribute in an packet to the server, potentially causing a denial of service condition.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

In the IPS tab, click Protections and find the FreeRADIUS RADIUS Server rad_decode Remote Denial of Service protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Application Servers Protection Violation.
Attack Information: FreeRADIUS RADIUS Server rad_decode Remote Denial of Service