Vulnerability in FreeRADIUS

HANCHATE Ravikiran (u5574292) u5574292 at
Mon Mar 16 13:22:44 CET 2020

Thank you Alan for your descriptive reply . 

Cheers !!!

From: Freeradius-Users [ at] on behalf of Alan DeKok [aland at]
Sent: Monday, 16 March  2020 1:15 PM
To: FreeRadius users mailing list
Cc: HANCHATE Ravikiran (TechM)
Subject: Re: Vulnerability in FreeRADIUS

On Mar 16, 2020, at 8:02 AM, HANCHATE Ravikiran (u5574292) <u5574292 at> wrote:
> we received Vulnerability in FreeRADIUS , Can you please assist here,

  This issue was found and fixed many months ago.

> 1/ How this will impact on our radius infra ?

  Do you run EAP-PWD?

no - this doesn't affect you

yes - the description says what the impact is.

> 2/ what steps need to be taken to Apply the Linux Fedora patches regarding the FreeRADIUS vulnerability

  Ask Fedora how their system works.

> Please provide step by step guides or implement instructions to   Apply the Linux Fedora patches ?

  You seem to be operating under the misconception that we *owe* you something.  We don't.

  The guides and documentation are available on the FreeRADIUS web site, and are included with the source.  If you have *specific* questions about them, please ask.  Otherwise, if it's too much work for you to look for the guides, then it's too much work for us to look for them, too.  If only there was something called "google", or perhaps a "wiki".  Or even a "doc" directory in the server.  That would be magical...

  As for Fedora, ask Fedora how to apply patches to their system.  Ask Fedora if they have updated patches.

  We supply the source, which you can download and build yourself.  Instructions are on the Wiki, and included with the source.

  We also supply pre-built packages.  Full instructions are on our web site:

  Alan DeKok.

List info/subscribe/unsubscribe? See
This electronic transmission (and any attached document) is intended 
exclusively for the person or entity to whom it is addressed and may 
contain confidential and/or privileged material. 
Any disclosure, copying, distribution or other action based upon 
the information by persons or entities other than the intended recipient 
is prohibited. If you receive this message in error, please contact the 
sender and delete the material from any and all computers. 
Orange Belgium does not warrant a proper and complete transmission of this 
information, nor does it accept liability for any delays. 
Unless clearly and unambiguously stated otherwise, the content of this 
e-mail and its attachment is provided to you for information purposes 
only, and nothing herein shall be binding upon, or shall constitute or 
be construed as a binding offer of Orange Belgium. 

More information about the Freeradius-Users mailing list