Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDC110EDA2-E995-11DB-A944-0012F06707F0
HistoryApr 10, 2007 - 12:00 a.m.

freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

2007-04-1000:00:00
vuxml.freebsd.org
22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.016

Percentile

87.5%

JSON

The freeradius development team reports:

A malicious 802.1x supplicant could send malformed Diameter format
attributes inside of an EAP-TTLS tunnel. The server would reject
the authentication request, but would leak one VALUE_PAIR data
structure, of approximately 300 bytes. If an attacker performed
the attack many times (e.g. thousands or more over a period of
minutes to hours), the server could leak megabytes of memory,
potentially leading to an “out of memory” condition, and early
process exit.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreeradius<= 1.1.5UNKNOWN
FreeBSDanynoarchfreeradius-mysql<= 1.1.5UNKNOWN

Related

nessus 16
openvas 19
centos 2
redhat 2
gentoo 2
cvelist 4
ubuntucve 4
debiancve 4
cve 4
nvd 4
redhatcve 1
veracode 1
securityvulns 1
oraclelinux 1
fedora 1
prion 1
osv 1
debian 1
nessus
nessus
FreeBSD : freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability (c110eda2-e995-11db-a944-0012f06707f0)
2007-04-19 00:00:00
GLSA-200505-13 : FreeRADIUS: SQL injection and Denial of Service vulnerability
2005-05-17 00:00:00
FreeBSD : freeradius -- sql injection and denial of service vulnerability (2fbe16c2-cab6-11d9-9aed-000e0c2e438a)
2005-07-13 00:00:00
openvas
openvas
FreeBSD Ports: freeradius, freeradius-mysql
2008-09-04 00:00:00
FreeBSD Ports: freeradius, freeradius-mysql
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200505-13 (freeradius)
2008-09-24 00:00:00
centos
centos
freeradius security update
2005-06-23 20:24:57
freeradius security update
2007-05-10 16:23:13
redhat
redhat
(RHSA-2005:524) freeradius security update
2005-06-23 00:00:00
(RHSA-2007:0338) Moderate: freeradius security update
2007-05-10 00:00:00
gentoo
gentoo
FreeRADIUS: SQL injection and Denial of Service vulnerability
2005-05-17 00:00:00
FreeRADIUS: Denial of service
2007-04-17 00:00:00
cvelist
cvelist
CVE-2005-4745
2006-03-28 11:00:00
CVE-2005-1455
2005-05-19 04:00:00
CVE-2005-1454
2005-05-19 04:00:00
ubuntucve
ubuntucve
CVE-2005-4745
2005-12-31 00:00:00
CVE-2005-1455
2005-05-19 00:00:00
CVE-2005-1454
2005-05-19 00:00:00
debiancve
debiancve
CVE-2005-4745
2006-03-28 11:00:00
CVE-2005-1455
2005-05-19 04:00:00
CVE-2005-1454
2005-05-19 04:00:00
cve
cve
CVE-2005-4745
2006-03-28 11:00:00
CVE-2005-1455
2005-05-19 04:00:00
CVE-2007-2028
2007-04-13 18:19:00
nvd
nvd
CVE-2005-4745
2005-12-31 05:00:00
CVE-2005-1455
2005-05-19 04:00:00
CVE-2005-1454
2005-05-19 04:00:00
redhatcve
redhatcve
CVE-2005-4745
2015-10-30 10:19:05
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:55
securityvulns
securityvulns
FreeRADIUS memory leak
2007-04-16 00:00:00
oraclelinux
oraclelinux
Moderate: freeradius security update
2007-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: freeradius-1.1.3-2.fc6
2007-05-14 17:06:05
prion
prion
Design/Logic Flaw
2007-04-13 18:19:00
osv
osv
freeradius - several
2006-08-08 00:00:00
debian
debian
[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities
2006-08-07 23:29:07

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.016

Percentile

87.5%

JSON
Related for C110EDA2-E995-11DB-A944-0012F06707F0
nessus16openvas19centos2redhat2gentoo2cvelist4ubuntucve4debiancve4cve4nvd4redhatcve1veracode1securityvulns1oraclelinux1fedora1prion1osv1debian1