freeradius -- remote packet of death vulnerability
freeRADIUS Vulnerability Notifications reports:
2009.09.09 v1.1.7 - Anyone who can send packets to
the server can crash it by sending a Tunnel-Password
attribute in an Access-Request packet. This
vulnerability is not otherwise exploitable. We have
released 1.1.8 to correct this vulnerability.
This issue is similar to the previous Tunnel-Password
issue noted below. The vulnerable versions are 1.1.3
through 1.1.7. Version 2.x is not affected.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright