Package name
freeradius
Date
2007-04-16
Advisory ID
MDKSA-2007:085
Affected versions
2007.0 x86_64, 2007.1 i586, 2007.0 i586, CS4.0 i586, CS4.0 x86_64, 2007.1 x86_64

Problem description

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to
cause a denial of service (memory consumption) via a large number of
EAP-TTLS tunnel connections using malformed Diameter format attributes,
which causes the authentication request to be rejected but does not
reclaim VALUE_PAIR data structures.

Updated packages have been patched to correct this issue.
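
The reject path described above, reduced to a self-contained C model (an added example, not FreeRADIUS source and not the Mandriva patch). `struct pair`, `parse_avps`, `free_on_error` and the sample bytes are hypothetical stand-ins; `free_on_error` switches between the leaking and the corrected behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct pair { uint32_t code; struct pair *next; }; /* hypothetical stand-in for VALUE_PAIR */
static int live_pairs;                             /* pairs allocated and not yet freed */

static void pairs_free(struct pair *head)
{
    while (head) {
        struct pair *next = head->next;
        free(head);
        live_pairs--;
        head = next;
    }
}

/* Diameter AVP header: 4-byte code, 1-byte flags, 3-byte length that includes
 * the header; data is padded to 4 bytes. Vendor-ID handling is left out. */
static struct pair *parse_avps(const uint8_t *buf, size_t len, int free_on_error)
{
    struct pair *head = NULL, **tail = &head;
    while (len > 0) {
        size_t avp_len = len < 8 ? 0 : ((size_t)buf[5] << 16 | (size_t)buf[6] << 8 | buf[7]);
        if (avp_len < 8 || avp_len > len) {        /* malformed attribute: reject */
            if (free_on_error) pairs_free(head);   /* corrected: reclaim pairs built so far */
            return NULL;                           /* leaky variant drops the only pointer */
        }
        struct pair *vp = calloc(1, sizeof(*vp));
        if (!vp) { pairs_free(head); return NULL; }
        vp->code = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 | (uint32_t)buf[2] << 8 | buf[3];
        live_pairs++;
        *tail = vp;
        tail = &vp->next;
        size_t step = (avp_len + 3) & ~(size_t)3;  /* advance past padding */
        if (step > len) step = len;
        buf += step; len -= step;
    }
    return head;
}

/* Constructed input: one valid 12-byte AVP, then one whose length field claims 64 bytes. */
static const uint8_t sample[] = { 0,0,0,1, 0x40, 0,0,12, 'u','s','e','r',
                                  0,0,0,2, 0x40, 0,0,64, 'x','x','x','x' };

int main(void)
{
    parse_avps(sample, sizeof(sample), 0);
    printf("leaky reject: %d pair(s) still allocated\n", live_pairs);
    return 0;
}
```

Each rejected request in the leaking variant strands every pair parsed before the malformed attribute, so the process footprint grows with the number of rejected tunnel requests rather than with load that succeeds.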

Updated packages


References