| Summary: | net-dialup/freeradius < 1.1.6 Denial of Service (CVE-2007-2028) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Pierre-Yves Rofes (RETIRED) <py> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | mrness, net-dialup |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://secunia.com/advisories/24849/ | ||
| Whiteboard: | B3 [glsa] p-y | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Pierre-Yves Rofes (RETIRED)
2007-04-12 15:46:16 UTC
setting status. http://www.freeradius.org/security.html 2007.04.10 v1.1.5, and earlier - A malicous 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit. We recommend that administrators using EAP-TTLS upgrade immediately. This bug was found as part of the Coverity Scan project. freeradius-1.1.6 has been committed. Arches, please mark it as stable. mrness: is there a speficic issue for not including ppc and sparc? amd64 done x86 stable i vote for a GLSA since a DoS on FreeRadius is in fact a DoS on the whole system(s) that is under its control. (In reply to comment #4) > mrness: is there a speficic issue for not including ppc and sparc? None of the freeradius versions have stable ppc or sparc keywords. Arches add keywords, not maintainers. I vote YES lets have a GLSA on this one. Though we should note that only users using EAP-TTLS seems to be affected. GLSA 200704-14, thanks p-y and everybody |