CVE-2007-2028 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-2028
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2028

Description: Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.

CVE Status: Candidate

References: TRUSTIX http://www.trustix.org/errata/2007/0013/ SUSE http://www.novell.com/linux/security/advisories/2007_10_sr.html ST 1018042 SAID Secunia Advisory: SA24849 Secunia Advisory: SA24907 Secunia Advisory: SA24917 Secunia Advisory: SA24996 Secunia Advisory: SA25201 Secunia Advisory: SA25220 REDHAT http://rhn.redhat.com/errata/RHSA-2007-0338.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:085 GENTOO http://security.gentoo.org/glsa/glsa-200704-14.xml CONFIRM http://www.freeradius.org/security.html BID 23466

Return to the previous page.