ID CVE-2007-2028
Summary Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
References
Vulnerable Configurations
  • FreeRADIUS 1.1.5
    cpe:2.3:a:freeradius:freeradius:1.1.5
CVSS
Base: 5.0 (as of 17-04-2007 - 14:06)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070510_FREERADIUS_ON_SL3_0_X.NASL
    description A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60178
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60178
    title Scientific Linux Security Update : freeradius on SL3.0.x , SL4.x, SL5.x
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-085.NASL
    description Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25063
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25063
    title Mandrake Linux Security Advisory : freeradius (MDKSA-2007:085)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FREERADIUS-3286.NASL
    description A memory leak in the code for handling EAP-TTLS tunnels could be exploited by attackers to crash freeradius (CVE-2007-2028).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27223
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27223
    title openSUSE 10 Security Update : freeradius (freeradius-3286)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200704-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-200704-14 (FreeRADIUS: Denial of Service) The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Impact : A remote attacker could send a large amount of specially crafted packets to a FreeRADIUS server using EAP-TTLS authentication and exhaust all memory, possibly resulting in a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25059
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25059
    title GLSA-200704-14 : FreeRADIUS: Denial of Service
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C110EDA2E99511DBA9440012F06707F0.NASL
    description The freeradius development team reports : A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an 'out of memory' condition, and early process exit.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 25051
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25051
    title FreeBSD : freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability (c110eda2-e995-11db-a944-0012f06707f0)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0338.NASL
    description From Red Hat Security Advisory 2007:0338 : Updated freeradius packages that fix a memory leak flaw are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028) Users of FreeRADIUS should update to these erratum packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67489
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67489
    title Oracle Linux 3 / 4 / 5 : freeradius (ELSA-2007-0338)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0338.NASL
    description Updated freeradius packages that fix a memory leak flaw are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028) Users of FreeRADIUS should update to these erratum packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25204
    published 2007-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25204
    title CentOS 3 / 4 / 5 : freeradius (CESA-2007:0338)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0338.NASL
    description Updated freeradius packages that fix a memory leak flaw are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028) Users of FreeRADIUS should update to these erratum packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25213
    published 2007-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25213
    title RHEL 3 / 4 / 5 : freeradius (RHSA-2007:0338)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11512.NASL
    description A memory leak in the code for handling EAP-TTLS tunnels could be exploited by attackers to crash freeradius. (CVE-2007-2028)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41133
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41133
    title SuSE9 Security Update : freeradius (YOU Patch Number 11512)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FREERADIUS-3287.NASL
    description A memory leak in the code for handling EAP-TTLS tunnels could be exploited by attackers to crash freeradius. (CVE-2007-2028)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29435
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29435
    title SuSE 10 Security Update : freeradius (ZYPP Patch Number 3287)
oval via4
accepted 2013-04-29T04:11:56.175-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
family unix
id oval:org.mitre.oval:def:11156
status accepted
submitted 2010-07-09T03:56:16-04:00
title Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
version 24
redhat via4
advisories
bugzilla
id 236247
title CVE-2007-2028 Freeradius EAP-TTLS denial of service
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment freeradius is earlier than 0:1.0.1-2.RHEL3.4
      oval oval:com.redhat.rhsa:tst:20070338002
    • comment freeradius is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070338003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment freeradius is earlier than 0:1.0.1-3.RHEL4.5
          oval oval:com.redhat.rhsa:tst:20070338005
        • comment freeradius is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070338003
      • AND
        • comment freeradius-mysql is earlier than 0:1.0.1-3.RHEL4.5
          oval oval:com.redhat.rhsa:tst:20070338008
        • comment freeradius-mysql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070338009
      • AND
        • comment freeradius-postgresql is earlier than 0:1.0.1-3.RHEL4.5
          oval oval:com.redhat.rhsa:tst:20070338006
        • comment freeradius-postgresql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070338007
      • AND
        • comment freeradius-unixODBC is earlier than 0:1.0.1-3.RHEL4.5
          oval oval:com.redhat.rhsa:tst:20070338010
        • comment freeradius-unixODBC is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070338011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment freeradius is earlier than 0:1.1.3-1.2.el5
          oval oval:com.redhat.rhsa:tst:20070338013
        • comment freeradius is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070338014
      • AND
        • comment freeradius-mysql is earlier than 0:1.1.3-1.2.el5
          oval oval:com.redhat.rhsa:tst:20070338015
        • comment freeradius-mysql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070338016
      • AND
        • comment freeradius-postgresql is earlier than 0:1.1.3-1.2.el5
          oval oval:com.redhat.rhsa:tst:20070338019
        • comment freeradius-postgresql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070338020
      • AND
        • comment freeradius-unixODBC is earlier than 0:1.1.3-1.2.el5
          oval oval:com.redhat.rhsa:tst:20070338017
        • comment freeradius-unixODBC is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070338018
rhsa
id RHSA-2007:0338
released 2007-05-10
severity Moderate
title RHSA-2007:0338: freeradius security update (Moderate)
rpms
  • freeradius-0:1.0.1-2.RHEL3.4
  • freeradius-0:1.0.1-3.RHEL4.5
  • freeradius-mysql-0:1.0.1-3.RHEL4.5
  • freeradius-postgresql-0:1.0.1-3.RHEL4.5
  • freeradius-unixODBC-0:1.0.1-3.RHEL4.5
  • freeradius-0:1.1.3-1.2.el5
  • freeradius-mysql-0:1.1.3-1.2.el5
  • freeradius-postgresql-0:1.1.3-1.2.el5
  • freeradius-unixODBC-0:1.1.3-1.2.el5
refmap via4
bid 23466
confirm http://www.freeradius.org/security.html
gentoo GLSA-200704-14
mandriva MDKSA-2007:085
sectrack 1018042
secunia
  • 24849
  • 24907
  • 24917
  • 24996
  • 25201
  • 25220
suse SUSE-SR:2007:010
trustix 2007-0013
vupen ADV-2007-1369
Last major update 07-03-2011 - 21:53
Published 13-04-2007 - 14:19
Last modified 10-10-2017 - 21:32