FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

Affected packages
freeradius <= 1.1.5
freeradius-mysql <= 1.1.5

Details

VuXML ID c110eda2-e995-11db-a944-0012f06707f0
Discovery 2007-04-10
Entry 2007-04-13
Modified 2010-05-12

The freeradius development team reports:

A malicous 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.

References

Bugtraq ID 23466
CVE Name CVE-2005-1454
CVE Name CVE-2005-1455
CVE Name CVE-2005-4745
CVE Name CVE-2007-2028
URL http://www.freeradius.org/security.html