lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HdZTE-0005R7-52@artemis.annvix.ca>
Date: Mon, 16 Apr 2007 16:14:48 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:085 ] - Updated freeradius packages fix DoS vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:085
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : freeradius
 Date    : April 16, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to
 cause a denial of service (memory consumption) via a large number of
 EAP-TTLS tunnel connections using malformed Diameter format attributes,
 which causes the authentication request to be rejected but does not
 reclaim VALUE_PAIR data structures.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2028
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 485265e479ed47e03c1966f773c43850  2007.0/i586/freeradius-1.1.2-2.1mdv2007.0.i586.rpm
 a04d690ae7133426eb697fed54f56199  2007.0/i586/libfreeradius1-1.1.2-2.1mdv2007.0.i586.rpm
 5595ff7619d10b67a436712e5a76fc78  2007.0/i586/libfreeradius1-devel-1.1.2-2.1mdv2007.0.i586.rpm
 8dd97ce0b5b9ce5a198a1cfe1db0ebb5  2007.0/i586/libfreeradius1-krb5-1.1.2-2.1mdv2007.0.i586.rpm
 092420b0c0b79c7d044cb54856f194d4  2007.0/i586/libfreeradius1-ldap-1.1.2-2.1mdv2007.0.i586.rpm
 45a1ddd16609babbdda3f39ca9af8c39  2007.0/i586/libfreeradius1-mysql-1.1.2-2.1mdv2007.0.i586.rpm
 8eaa8251f9ef2db2163da446759e338e  2007.0/i586/libfreeradius1-postgresql-1.1.2-2.1mdv2007.0.i586.rpm
 3241acf858db1afa1250afe6e1f500dc  2007.0/i586/libfreeradius1-unixODBC-1.1.2-2.1mdv2007.0.i586.rpm 
 c7fc04dcb8df275a27d37541353bc0b8  2007.0/SRPMS/freeradius-1.1.2-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 95758b84f15d847e5df61d9479440700  2007.0/x86_64/freeradius-1.1.2-2.1mdv2007.0.x86_64.rpm
 baded8fb60d1c41b02a790afac5c6337  2007.0/x86_64/lib64freeradius1-1.1.2-2.1mdv2007.0.x86_64.rpm
 d9c95ac32f15019081f2ef6343aaf095  2007.0/x86_64/lib64freeradius1-devel-1.1.2-2.1mdv2007.0.x86_64.rpm
 04d950d8db9cd92053fdf512727297cd  2007.0/x86_64/lib64freeradius1-krb5-1.1.2-2.1mdv2007.0.x86_64.rpm
 2ca93232b0934ec6e5ef121e32fc487b  2007.0/x86_64/lib64freeradius1-ldap-1.1.2-2.1mdv2007.0.x86_64.rpm
 cb61b2079cacc4b72ab0c7df9a4e463a  2007.0/x86_64/lib64freeradius1-mysql-1.1.2-2.1mdv2007.0.x86_64.rpm
 37edc72f39c8b05ce9383e6b5810b288  2007.0/x86_64/lib64freeradius1-postgresql-1.1.2-2.1mdv2007.0.x86_64.rpm
 155dbe7aed46442bdcb1a0cab0d61582  2007.0/x86_64/lib64freeradius1-unixODBC-1.1.2-2.1mdv2007.0.x86_64.rpm 
 c7fc04dcb8df275a27d37541353bc0b8  2007.0/SRPMS/freeradius-1.1.2-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 7f655754289547a87da54e7f9d56d9c1  2007.1/i586/freeradius-1.1.2-5.1mdv2007.1.i586.rpm
 0db64e8f6535adb19f23d22cef6dab39  2007.1/i586/libfreeradius1-1.1.2-5.1mdv2007.1.i586.rpm
 9a61e66884c6926e22039e4290b75800  2007.1/i586/libfreeradius1-devel-1.1.2-5.1mdv2007.1.i586.rpm
 7db0ee6b971766dc724f31ed185c807f  2007.1/i586/libfreeradius1-krb5-1.1.2-5.1mdv2007.1.i586.rpm
 1a9e9007f3f28805b6bf4d9486d4a8e7  2007.1/i586/libfreeradius1-ldap-1.1.2-5.1mdv2007.1.i586.rpm
 39a710e6ef266fa3d04030e2f02405e7  2007.1/i586/libfreeradius1-mysql-1.1.2-5.1mdv2007.1.i586.rpm
 862bde1f3db0207bc133f49b7d7c7907  2007.1/i586/libfreeradius1-postgresql-1.1.2-5.1mdv2007.1.i586.rpm
 c1872069cc1ccac4f2468635e575d39e  2007.1/i586/libfreeradius1-unixODBC-1.1.2-5.1mdv2007.1.i586.rpm 
 9a9a7cf043f8486a1b148f2eb1be1a30  2007.1/SRPMS/freeradius-1.1.2-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 5ad448a832f4a4ed1227a33433612df9  2007.1/x86_64/freeradius-1.1.2-5.1mdv2007.1.x86_64.rpm
 d675f6d01f97c0a1f603f58026e0dc1f  2007.1/x86_64/lib64freeradius1-1.1.2-5.1mdv2007.1.x86_64.rpm
 4c229c337bb4fd50462bae9963911fc6  2007.1/x86_64/lib64freeradius1-devel-1.1.2-5.1mdv2007.1.x86_64.rpm
 b6de623842506793d39bb488a5bf062d  2007.1/x86_64/lib64freeradius1-krb5-1.1.2-5.1mdv2007.1.x86_64.rpm
 9277ae9c7e972bc3a6a539b8aa787d8e  2007.1/x86_64/lib64freeradius1-ldap-1.1.2-5.1mdv2007.1.x86_64.rpm
 2ee400549d37447daa7377e38e6804ef  2007.1/x86_64/lib64freeradius1-mysql-1.1.2-5.1mdv2007.1.x86_64.rpm
 19c236506fd00c8939e564625d987617  2007.1/x86_64/lib64freeradius1-postgresql-1.1.2-5.1mdv2007.1.x86_64.rpm
 58a862d856c75c61cc28cc914f355f55  2007.1/x86_64/lib64freeradius1-unixODBC-1.1.2-5.1mdv2007.1.x86_64.rpm 
 9a9a7cf043f8486a1b148f2eb1be1a30  2007.1/SRPMS/freeradius-1.1.2-5.1mdv2007.1.src.rpm

 Corporate 4.0:
 c4ceeeacc64b27a3810d7b9e391052c0  corporate/4.0/i586/freeradius-1.0.4-2.3.20060mlcs4.i586.rpm
 63232cd692916c816c814f39de733d75  corporate/4.0/i586/libfreeradius1-1.0.4-2.3.20060mlcs4.i586.rpm
 aab0141fdb684b856871faa3a281e8b1  corporate/4.0/i586/libfreeradius1-devel-1.0.4-2.3.20060mlcs4.i586.rpm
 db28ccacac6df2430c159b372356cc8d  corporate/4.0/i586/libfreeradius1-krb5-1.0.4-2.3.20060mlcs4.i586.rpm
 778bdbd5643f737652d697d2b81b185e  corporate/4.0/i586/libfreeradius1-ldap-1.0.4-2.3.20060mlcs4.i586.rpm
 cc3d3c9e06f9484108440498560e22d3  corporate/4.0/i586/libfreeradius1-mysql-1.0.4-2.3.20060mlcs4.i586.rpm
 ec2d5a756c26a683b06b84d3f91cd573  corporate/4.0/i586/libfreeradius1-postgresql-1.0.4-2.3.20060mlcs4.i586.rpm
 9564641192642abf3690e374e262ef09  corporate/4.0/i586/libfreeradius1-unixODBC-1.0.4-2.3.20060mlcs4.i586.rpm 
 b473a94d7dff1a06e2db7cc3da187aa5  corporate/4.0/SRPMS/freeradius-1.0.4-2.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c1600875ddab2ce7d31d84060668e5b8  corporate/4.0/x86_64/freeradius-1.0.4-2.3.20060mlcs4.x86_64.rpm
 69a84b748264aad6555d0d3d92789f32  corporate/4.0/x86_64/lib64freeradius1-1.0.4-2.3.20060mlcs4.x86_64.rpm
 7b6dc0a1121b2f1d84d57e38c577c2e8  corporate/4.0/x86_64/lib64freeradius1-devel-1.0.4-2.3.20060mlcs4.x86_64.rpm
 b3a479b99a541cca01a920fb35872b33  corporate/4.0/x86_64/lib64freeradius1-krb5-1.0.4-2.3.20060mlcs4.x86_64.rpm
 b66b96b5897b2fee700cf5a848bb8d92  corporate/4.0/x86_64/lib64freeradius1-ldap-1.0.4-2.3.20060mlcs4.x86_64.rpm
 b2585acc4c9bfabd832bce4f300b877d  corporate/4.0/x86_64/lib64freeradius1-mysql-1.0.4-2.3.20060mlcs4.x86_64.rpm
 d1f8a534fb8da7f37817fd575ed680d3  corporate/4.0/x86_64/lib64freeradius1-postgresql-1.0.4-2.3.20060mlcs4.x86_64.rpm
 4ad7d3c251d17fedf7479edcd818f103  corporate/4.0/x86_64/lib64freeradius1-unixODBC-1.0.4-2.3.20060mlcs4.x86_64.rpm 
 b473a94d7dff1a06e2db7cc3da187aa5  corporate/4.0/SRPMS/freeradius-1.0.4-2.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGI8qUmqjQ0CJFipgRAvv9AKDk8ohKdmfc9DibRIWXqx4qbFcWtwCg498c
tfsPJ2gb6QZPAJRgcLfunZ4=
=czGA
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ