FreeRADIUS: Multiple Denial of Service vulnerabilities Multiple Denial of Service vulnerabilities were found and fixed in FreeRADIUS. FreeRADIUS September 22, 2004 May 22, 2006: 02 60587 remote 1.0.1 1.0.1

FreeRADIUS is an open source RADIUS authentication server implementation.

There are undisclosed defects in the way FreeRADIUS handles incorrect received packets.

A remote attacker could send specially-crafted packets to the FreeRADIUS server to deny service to other users by crashing the server.

There is no known workaround at this time.

All FreeRADIUS users should upgrade to the latest version:

# emerge sync # emerge -pv ">=net-dialup/freeradius-1.0.1" # emerge ">=net-dialup/freeradius-1.0.1" FreeRADIUS Vulnerability Notifications CVE-2004-0938 CVE-2004-0960 CVE-2004-0961 jaervosz koon koon