A security issue has been reported in FreeRADIUS, which can be exploited by malicious people to cause a DoS (Denial of Service). The security issue is caused due to a memory leak (ca. 300 bytes) within the handling of certain malformed diameter format values inside an EAP-TTLS tunnel. This can be exploited to exhaust all available memory by sending a large number of malformed authentication requests to a vulnerable server. The security issue is reported in versions prior to 1.1.6.

net-dialup, please advise.
setting status.
http://www.freeradius.org/security.html

2007.04.10 v1.1.5, and earlier - A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit. We recommend that administrators using EAP-TTLS upgrade immediately. This bug was found as part of the Coverity Scan project.
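Added example, not part of the bug thread and not FreeRADIUS code: a simplified model of the leak class the advisory describes, where a node allocated for the attribute under validation is not released when the request is rejected. The `pair_t` type, `avp_decode`, the `fixed` switch and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical attribute node standing in for the server's VALUE_PAIR. */
typedef struct pair { uint32_t code; size_t len; uint8_t data[253]; struct pair *next; } pair_t;
static long live_pairs;                       /* outstanding allocations, for leak accounting */
long pairs_outstanding(void) { return live_pairs; }
/* Constructed sample: one valid AVP (code 1, 4 data bytes), then one whose length (4) is below the header size. */
static const uint8_t sample[] = { 0,0,0,1, 0x40, 0,0,12, 'u','s','e','r',  0,0,0,2, 0, 0,0,4 };
static void pair_list_free(pair_t *p)
{
    while (p) { pair_t *n = p->next; free(p); live_pairs--; p = n; }
}

/* Decode AVPs laid out as code(4) flags(1) length(3, header included) data, padded to 4.
 * Assumption: the optional vendor-id field is not handled. Returns NULL on malformed input.
 * fixed == 0 models the leak: the node being validated is not yet linked into the list,
 * so freeing the list on rejection misses it. */
pair_t *avp_decode(const uint8_t *buf, size_t len, int fixed)
{
    pair_t *head = NULL, **tail = &head, *vp = NULL;
    size_t off = 0;
    while (off < len) {
        vp = calloc(1, sizeof *vp);
        if (!vp) goto fail;
        live_pairs++;
        if (len - off < 8) goto fail;                          /* truncated header */
        size_t alen = ((size_t)buf[off + 5] << 16) | ((size_t)buf[off + 6] << 8) | buf[off + 7];
        if (alen < 8 || alen > len - off || alen - 8 > sizeof vp->data) goto fail;
        vp->code = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                   ((uint32_t)buf[off + 2] << 8) | buf[off + 3];
        vp->len = alen - 8;
        memcpy(vp->data, buf + off + 8, vp->len);
        *tail = vp; tail = &vp->next; vp = NULL;               /* ownership moves to the list */
        off += (alen + 3) & ~(size_t)3;
    }
    return head;
fail:
    pair_list_free(head);
    if (fixed && vp) { free(vp); live_pairs--; }               /* the release the leaky path lacks */
    return NULL;
}
int main(void)
{
    for (int i = 0; i < 1000; i++) avp_decode(sample, sizeof sample, 0);
    printf("leaked nodes after 1000 rejected requests: %ld\n", pairs_outstanding());
    return 0;
}
```

With `fixed` set to 0 the outstanding count grows by one per rejected request, which is the per-request growth the advisory describes; with `fixed` set to 1 it stays flat.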
freeradius-1.1.6 has been committed. Arches, please mark it as stable.
mrness: is there a specific issue for not including ppc and sparc?
amd64 done
x86 stable
I vote for a GLSA since a DoS on FreeRadius is in fact a DoS on the whole system(s) that is under its control.
(In reply to comment #4)
> mrness: is there a specific issue for not including ppc and sparc?

None of the freeradius versions have stable ppc or sparc keywords. Arches add keywords, not maintainers.
I vote YES, let's have a GLSA on this one. Though we should note that only users using EAP-TTLS seem to be affected.
GLSA 200704-14, thanks p-y and everybody