CVE-2007-2028
Published: 13 April 2007
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
Priority
Status
Package | Release | Status |
---|---|---|
freeradius Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.0-1ubuntu2.1)
|
edgy |
Released
(1.1.3-1ubuntu0.1)
|
|
feisty |
Released
(1.1.3-3ubuntu1.1)
|
|
gutsy |
Not vulnerable
|
|
upstream |
Released
(1.1.6)
|