Description of problem:
Remote Denial Of Service, and remote crash by sending malformed packets.
Version-Release number of selected component (if applicable):
All versions of FreeRADIUS prior to version 1.0.1 (to check)
From the freeradius ChangeLog:
FreeRADIUS 1.0.1 ; $Date: 2004/09/02 10:52:03 $, urgency=high
Denial-of-Service Security Fix
* Fix two remote crashes and a memory leak in RADIUS packet
No CAN numbers have been associated with this issue:
Removing security-sensitive tag as this issue is public.
RHSA-2004:609 in progress which will update FreeRADIUS to version
1.0.1 and also fix:
127168 - rebuilding freeradius picks up system libeap rather than
127162 - zlib-devel is missing from BuildRequires in spec file
130606 - Missing buildrequires in freediag
130613 - radiusd.conf specifies other pam-auth than file installed in
CAN-2004-0938, CAN-2004-0960, CAN-2004-0961 were assigned to these issues.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.