Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDC110EDA2-E995-11DB-A944-0012F06707F0
HistoryApr 10, 2007 - 12:00 a.m.

freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

2007-04-1000:00:00
vuxml.freebsd.org
14

0.013 Low

EPSS

Percentile

85.7%

JSON

The freeradius development team reports:

A malicious 802.1x supplicant could send malformed Diameter format
attributes inside of an EAP-TTLS tunnel. The server would reject
the authentication request, but would leak one VALUE_PAIR data
structure, of approximately 300 bytes. If an attacker performed
the attack many times (e.g. thousands or more over a period of
minutes to hours), the server could leak megabytes of memory,
potentially leading to an “out of memory” condition, and early
process exit.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreeradius<= 1.1.5UNKNOWN
FreeBSDanynoarchfreeradius-mysql<= 1.1.5UNKNOWN

Related

openvas 19
nessus 16
centos 2
gentoo 2
redhat 2
cvelist 4
ubuntucve 4
redhatcve 1
cve 4
debiancve 4
fedora 1
oraclelinux 1
securityvulns 1
prion 1
veracode 1
osv 1
debian 1
openvas
openvas
FreeBSD Ports: freeradius, freeradius-mysql
2008-09-04 00:00:00
FreeBSD Ports: freeradius, freeradius-mysql
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200505-13 (freeradius)
2008-09-24 00:00:00
nessus
nessus
FreeBSD : freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability (c110eda2-e995-11db-a944-0012f06707f0)
2007-04-19 00:00:00
GLSA-200505-13 : FreeRADIUS: SQL injection and Denial of Service vulnerability
2005-05-17 00:00:00
CentOS 3 / 4 : freeradius (CESA-2005:524)
2006-07-03 00:00:00
centos
centos
freeradius security update
2005-06-23 20:24:57
freeradius security update
2007-05-10 16:23:13
gentoo
gentoo
FreeRADIUS: SQL injection and Denial of Service vulnerability
2005-05-17 00:00:00
FreeRADIUS: Denial of service
2007-04-17 00:00:00
redhat
redhat
(RHSA-2005:524) freeradius security update
2005-06-23 00:00:00
(RHSA-2007:0338) Moderate: freeradius security update
2007-05-10 00:00:00
cvelist
cvelist
CVE-2005-4745
2006-03-28 11:00:00
CVE-2005-1455
2005-05-19 04:00:00
CVE-2005-1454
2005-05-19 04:00:00
ubuntucve
ubuntucve
CVE-2005-4745
2005-12-31 00:00:00
CVE-2005-1455
2005-05-19 00:00:00
CVE-2005-1454
2005-05-19 00:00:00
redhatcve
redhatcve
CVE-2005-4745
2015-10-30 10:19:05
cve
cve
CVE-2005-4745
2005-12-31 05:00:00
CVE-2005-1454
2005-05-19 04:00:00
CVE-2005-1455
2005-05-19 04:00:00
debiancve
debiancve
CVE-2005-4745
2005-12-31 05:00:00
CVE-2005-1454
2005-05-19 04:00:00
CVE-2005-1455
2005-05-19 04:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: freeradius-1.1.3-2.fc6
2007-05-14 17:06:05
oraclelinux
oraclelinux
Moderate: freeradius security update
2007-05-10 00:00:00
securityvulns
securityvulns
FreeRADIUS memory leak
2007-04-16 00:00:00
prion
prion
Design/Logic Flaw
2007-04-13 18:19:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:55
osv
osv
freeradius - several
2006-08-08 00:00:00
debian
debian
[SECURITY] [DSA 1145-1] New freeradius packages fix several vulnerabilities
2006-08-07 00:00:00

0.013 Low

EPSS

Percentile

85.7%

JSON
Related for C110EDA2-E995-11DB-A944-0012F06707F0
openvas19nessus16centos2gentoo2redhat2cvelist4ubuntucve4redhatcve1cve4debiancve4fedora1oraclelinux1securityvulns1prion1veracode1osv1debian1