Launchpad has imported 3 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=236247.

If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2007-04-12T17:31:12+00:00 Josh wrote:

A flaw was found in the way FreeRADIUS parses certain authentication requests. The upstream description explains it as such:

http://www.freeradius.org/security.html

2007.04.10 v1.1.5, and earlier - A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.

We recommend that administrators using EAP-TTLS upgrade immediately. This bug was found as part of the Coverity Scan project. The EAP-TTLS support is not enabled by default in any FreeRADIUS installations.

This flaw also affects RHEL 3 and 4.

Reply at: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/106006/comments/0

------------------------------------------------------------------------
On 2007-04-12T17:31:12+00:00 Josh wrote:

Created attachment 152488
Upstream Patch

Reply at: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/106006/comments/1

------------------------------------------------------------------------
On 2007-05-10T16:04:13+00:00 Red wrote:

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below.
You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0338.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/106006/comments/5

** Changed in: freeradius (Fedora)
   Importance: Unknown => Medium

https://bugs.launchpad.net/bugs/106006

Title:
  CVE-2007-2028: vulnerable to memory exhaustion via malformed Diameter format attributes inside of an EAP-TTLS tunnel