aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorStanislav Sedov <stas@FreeBSD.org>2007-04-13 08:19:58 +0000
committerStanislav Sedov <stas@FreeBSD.org>2007-04-13 08:19:58 +0000
commitc87d123fe1d9df43c82a498a2f789d46f7ea533c (patch)
tree301d72c7c611b8fe2b5d0ba6ff21ba959314c797 /security
parentacc33b14df77f1bad1c2d0a2c775185fa9e864eb (diff)
downloadports-c87d123fe1d9df43c82a498a2f789d46f7ea533c.tar.gz
ports-c87d123fe1d9df43c82a498a2f789d46f7ea533c.zip
Notes
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e862bae1636f..b27fe0929ec5 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c110eda2-e995-11db-a944-0012f06707f0">
+ <topic>freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability</topic>
+ <affects>
+ <package>
+ <name>freeradius</name>
+ <range><le>1.1.5</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The freeradius development team reports:</p>
+ <blockquote cite="http://www.freeradius.org/security.html">
+ <p>A malicous 802.1x supplicant could send malformed Diameter format
+ attributes inside of an EAP-TTLS tunnel. The server would reject
+ the authentication request, but would leak one VALUE_PAIR data
+ structure, of approximately 300 bytes. If an attacker performed
+ the attack many times (e.g. thousands or more over a period of
+ minutes to hours), the server could leak megabytes of memory,
+ potentially leading to an "out of memory" condition, and early
+ process exit.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>23466</bid>
+ <url>http://www.freeradius.org/security.html</url>
+ </references>
+ <dates>
+ <discovery>2007-04-10</discovery>
+ <entry>2007-04-13</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f1c4d133-e6d3-11db-99ea-0060084a00e5">
<topic>fetchmail -- insecure APOP authentication</topic>
<affects>