Mandrake Linux Security Advisory : freeradius (MDKSA-2007:085)
Medium Nessus Plugin ID 25063
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionMemory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
Updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.