freeradius has a heap exploit in all versions before 0.9.3. It is possible for an attacker to DOS the radius server. Solution: upgrade to 0.9.3 Reproducible: Always Steps to Reproduce: Send a compromised RADIUS paket to the server. It needs to have a Tunnel-Password attribute inside. Actual Results: The server crashes. Expected Results: The server should not crash. See release notes on http://freeradius.org/
Created attachment 21018 [details] New freeradius ebuild for fixed version 0.9.3 An version bounced ebuild of the 0.9.0 ebuild I submitted some months ago. This is version 0.9.3 which has the heap dos exploit fixed.
The original release mail for version 0.9.3 is here: http://lists.cistron.nl/archives/freeradius-users/2003/11/msg00614.html Oliver.
Committed.
This is ready for a GLSA now.
Rajiv: could you release a GLSA for this?
GLSA 200311-04 sent out.