FreeRADIUS: Multiple Denial of Service vulnerabilities — GLSA 200409-29

Multiple Denial of Service vulnerabilities were found and fixed in FreeRADIUS.

Affected packages

net-dialup/freeradius on all architectures
Affected versions < 1.0.1
Unaffected versions >= 1.0.1

Background

FreeRADIUS is an open source RADIUS authentication server implementation.

Description

There are undisclosed defects in the way FreeRADIUS handles incorrect received packets.

Impact

A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other users by crashing the server.

Workaround

There is no known workaround at this time.

Resolution

All FreeRADIUS users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=net-dialup/freeradius-1.0.1"
 # emerge ">=net-dialup/freeradius-1.0.1"

References

Release date
September 22, 2004

Latest revision
May 22, 2006: 02

Severity
normal

Exploitable
remote

Bugzilla entries