FreeRADIUS: Multiple Denial of Service vulnerabilities — GLSA 200409-29

Multiple Denial of Service vulnerabilities were found and fixed in FreeRADIUS.

Affected packages

Package 	net-dialup/freeradius on all architectures
Affected versions 	< 1.0.1
Unaffected versions 	>= 1.0.1

Background

FreeRADIUS is an open source RADIUS authentication server implementation.

Description

There are undisclosed defects in the way FreeRADIUS handles incorrect received packets.

Impact

A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other users by crashing the server.

Workaround

There is no known workaround at this time.

Resolution

All FreeRADIUS users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=net-dialup/freeradius-1.0.1"
 # emerge ">=net-dialup/freeradius-1.0.1"

References

    FreeRADIUS Vulnerability Notifications
    CVE-2004-0938
    CVE-2004-0960
    CVE-2004-0961