CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS
Percentile: 87.5%

CentOS Errata and Security Advisory CESA-2007:0338

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service. (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075909.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075910.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075911.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075912.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075913.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075914.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075915.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075916.html
Affected packages:
freeradius
freeradius-mysql
freeradius-postgresql
freeradius-unixODBC
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0338

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | ia64 | freeradius | < 1.0.1-2.RHEL3.4 | freeradius-1.0.1-2.RHEL3.4.ia64.rpm |
CentOS | 3 | ia64 | freeradius-mysql | < 1.0.1-2.RHEL3.4 | freeradius-mysql-1.0.1-2.RHEL3.4.ia64.rpm |
CentOS | 3 | ia64 | freeradius-postgresql | < 1.0.1-2.RHEL3.4 | freeradius-postgresql-1.0.1-2.RHEL3.4.ia64.rpm |
CentOS | 3 | ia64 | freeradius-unixodbc | < 1.0.1-2.RHEL3.4 | freeradius-unixODBC-1.0.1-2.RHEL3.4.ia64.rpm |
CentOS | 4 | ia64 | freeradius | < 1.0.1-3.RHEL4.5 | freeradius-1.0.1-3.RHEL4.5.ia64.rpm |
CentOS | 4 | ia64 | freeradius-mysql | < 1.0.1-3.RHEL4.5 | freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm |
CentOS | 4 | ia64 | freeradius-postgresql | < 1.0.1-3.RHEL4.5 | freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm |
CentOS | 4 | ia64 | freeradius-unixodbc | < 1.0.1-3.RHEL4.5 | freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm |
CentOS | 3 | i386 | freeradius | < 1.0.1-2.RHEL3.4 | freeradius-1.0.1-2.RHEL3.4.i386.rpm |
CentOS | 3 | i386 | freeradius-mysql | < 1.0.1-2.RHEL3.4 | freeradius-mysql-1.0.1-2.RHEL3.4.i386.rpm |