diff options
author | Stanislav Sedov <stas@FreeBSD.org> | 2007-04-13 08:19:58 +0000 |
---|---|---|
committer | Stanislav Sedov <stas@FreeBSD.org> | 2007-04-13 08:19:58 +0000 |
commit | c87d123fe1d9df43c82a498a2f789d46f7ea533c (patch) | |
tree | 301d72c7c611b8fe2b5d0ba6ff21ba959314c797 /security | |
parent | acc33b14df77f1bad1c2d0a2c775185fa9e864eb (diff) | |
download | ports-c87d123fe1d9df43c82a498a2f789d46f7ea533c.tar.gz ports-c87d123fe1d9df43c82a498a2f789d46f7ea533c.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e862bae1636f..b27fe0929ec5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c110eda2-e995-11db-a944-0012f06707f0"> + <topic>freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability</topic> + <affects> + <package> + <name>freeradius</name> + <range><le>1.1.5</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The freeradius development team reports:</p> + <blockquote cite="http://www.freeradius.org/security.html"> + <p>A malicous 802.1x supplicant could send malformed Diameter format + attributes inside of an EAP-TTLS tunnel. The server would reject + the authentication request, but would leak one VALUE_PAIR data + structure, of approximately 300 bytes. If an attacker performed + the attack many times (e.g. thousands or more over a period of + minutes to hours), the server could leak megabytes of memory, + potentially leading to an "out of memory" condition, and early + process exit.</p> + </blockquote> + </body> + </description> + <references> + <bid>23466</bid> + <url>http://www.freeradius.org/security.html</url> + </references> + <dates> + <discovery>2007-04-10</discovery> + <entry>2007-04-13</entry> + </dates> + </vuln> + <vuln vid="f1c4d133-e6d3-11db-99ea-0060084a00e5"> <topic>fetchmail -- insecure APOP authentication</topic> <affects> |