Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:060 (freeradius)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56612

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:060 (freeradius)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to freeradius
announced via advisory MDKSA-2006:060.

An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows
remote attackers to bypass authentication or cause a denial of service
(server crash) via Insufficient input validation in the EAP-MSCHAPv2
state machine module.

Updated packages have been patched to correct this issue.

Affected: 2006.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:060

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 17171
Common Vulnerability Exposure (CVE) ID: CVE-2006-1354
http://www.securityfocus.com/bid/17171
Debian Security Information: DSA-1089 (Google Search)
http://www.debian.org/security/2006/dsa-1089
http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156
RedHat Security Advisories: RHSA-2006:0271
http://rhn.redhat.com/errata/RHSA-2006-0271.html
http://securitytracker.com/id?1015795
http://secunia.com/advisories/19300
http://secunia.com/advisories/19405
http://secunia.com/advisories/19518
http://secunia.com/advisories/19527
http://secunia.com/advisories/19811
http://secunia.com/advisories/20461
SGI Security Advisory: 20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
SuSE Security Announcement: SUSE-SA:2006:019 (Google Search)
http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html
http://www.trustix.org/errata/2006/0020
http://www.vupen.com/english/advisories/2006/1016
XForce ISS Database: freeradius-eap-mschapv2-auth-bypass(25352)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25352

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56612
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:060 (freeradius)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to freeradius announced via advisory MDKSA-2006:060. An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via Insufficient input validation in the EAP-MSCHAPv2 state machine module. Updated packages have been patched to correct this issue. Affected: 2006.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:060 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 17171 Common Vulnerability Exposure (CVE) ID: CVE-2006-1354 http://www.securityfocus.com/bid/17171 Debian Security Information: DSA-1089 (Google Search) http://www.debian.org/security/2006/dsa-1089 http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156 RedHat Security Advisories: RHSA-2006:0271 http://rhn.redhat.com/errata/RHSA-2006-0271.html http://securitytracker.com/id?1015795 http://secunia.com/advisories/19300 http://secunia.com/advisories/19405 http://secunia.com/advisories/19518 http://secunia.com/advisories/19527 http://secunia.com/advisories/19811 http://secunia.com/advisories/20461 SGI Security Advisory: 20060404-01-U ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc SuSE Security Announcement: SUSE-SA:2006:019 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html http://www.trustix.org/errata/2006/0020 http://www.vupen.com/english/advisories/2006/1016 XForce ISS Database: freeradius-eap-mschapv2-auth-bypass(25352) https://exchange.xforce.ibmcloud.com/vulnerabilities/25352
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com