FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.
A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service. (CVE-2007-2028)
Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | s390x | freeradius-mysql | < 1.1.3-1.2.el5 | freeradius-mysql-1.1.3-1.2.el5.s390x.rpm |
RedHat | any | ppc | freeradius-unixodbc | < 1.0.1-3.RHEL4.5 | freeradius-unixODBC-1.0.1-3.RHEL4.5.ppc.rpm |
RedHat | 5 | x86_64 | freeradius-unixodbc | < 1.1.3-1.2.el5 | freeradius-unixODBC-1.1.3-1.2.el5.x86_64.rpm |
RedHat | 5 | ppc | freeradius-unixodbc | < 1.1.3-1.2.el5 | freeradius-unixODBC-1.1.3-1.2.el5.ppc.rpm |
RedHat | any | s390 | freeradius-postgresql | < 1.0.1-3.RHEL4.5 | freeradius-postgresql-1.0.1-3.RHEL4.5.s390.rpm |
RedHat | any | ppc | freeradius-postgresql | < 1.0.1-3.RHEL4.5 | freeradius-postgresql-1.0.1-3.RHEL4.5.ppc.rpm |
RedHat | any | ia64 | freeradius-unixodbc | < 1.0.1-3.RHEL4.5 | freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm |
RedHat | any | s390x | freeradius | < 1.0.1-2.RHEL3.4 | freeradius-1.0.1-2.RHEL3.4.s390x.rpm |
RedHat | any | i386 | freeradius | < 1.0.1-2.RHEL3.4 | freeradius-1.0.1-2.RHEL3.4.i386.rpm |
RedHat | any | src | freeradius | < 1.0.1-3.RHEL4.5 | freeradius-1.0.1-3.RHEL4.5.src.rpm |