A flaw was found in the way FreeRADIUS parses certain authentication requests. The upstream description explains it as such:

http://www.freeradius.org/security.html

2007.04.10 v1.1.5, and earlier - A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.

We recommend that administrators using EAP-TTLS upgrade immediately.

This bug was found as part of the Coverity Scan project.

The EAP-TTLS support is not enabled by default in any FreeRADIUS installations.

This flaw also affects RHEL 3 and 4.
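The failure mode described in the report, shown as an added C example that is not part of the original bug report and is not FreeRADIUS code: a decoder for Diameter-format AVPs whose reject path either leaks or frees the nodes it has already allocated. `pair_t`, `diameter_to_pairs`, the `free_on_error` switch and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical attribute node; a stand-in, not FreeRADIUS's VALUE_PAIR. */
typedef struct pair { uint32_t code; size_t len; uint8_t data[253]; struct pair *next; } pair_t;

static long live_pairs; /* live allocations, so a leak is observable */

static void pair_list_free(pair_t *p) {
    while (p) { pair_t *next = p->next; free(p); live_pairs--; p = next; }
}

/* Diameter AVP: code(4) flags(1) length(3) [vendor-id(4) if flag 0x80] data, padded to 4.
 * Returns the decoded list, or NULL if any AVP is malformed. With free_on_error == 0
 * the reject path returns without releasing what was allocated (the leak pattern). */
static pair_t *diameter_to_pairs(const uint8_t *buf, size_t n, int free_on_error) {
    pair_t *head = NULL, **tail = &head;
    size_t off = 0;
    while (off < n) {
        pair_t *vp = calloc(1, sizeof(*vp));
        if (!vp) goto fail;
        live_pairs++;
        *tail = vp; tail = &vp->next;          /* owned by the list from here on */
        if (n - off < 8) goto fail;            /* truncated header */
        const uint8_t *h = buf + off;
        size_t alen = (size_t)h[5] << 16 | (size_t)h[6] << 8 | h[7];
        size_t hdr = (h[4] & 0x80) ? 12 : 8;
        if (alen < hdr || alen > n - off || alen - hdr > sizeof(vp->data)) goto fail;
        vp->code = (uint32_t)h[0] << 24 | (uint32_t)h[1] << 16 | (uint32_t)h[2] << 8 | h[3];
        vp->len = alen - hdr;
        memcpy(vp->data, h + hdr, vp->len);
        off += (alen + 3) & ~(size_t)3;        /* skip padding to the 4-byte boundary */
    }
    return head;
fail:
    if (free_on_error) pair_list_free(head);   /* fixed path: release the partial list */
    return NULL;
}

/* Constructed sample: a valid AVP (code 1, "user"), then one whose length (4) is below the 8-byte header. */
static const uint8_t SAMPLE[] = { 0,0,0,1, 0x40, 0,0,12, 'u','s','e','r',
                                  0,0,0,2, 0x40, 0,0,4 };

int main(void) {
    diameter_to_pairs(SAMPLE, sizeof SAMPLE, 0);
    printf("leaky reject path: %ld nodes still allocated\n", live_pairs);
    live_pairs = 0;
    diameter_to_pairs(SAMPLE, sizeof SAMPLE, 1);
    printf("fixed reject path: %ld nodes still allocated\n", live_pairs);
    return 0;
}
```

Running the rejected-request path in a loop under a leak checker such as valgrind or AddressSanitizer is a quick regression test for this class of bug.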
Created attachment 152488: Upstream Patch
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0338.html