Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:066 (freeradius)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56615

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:066 (freeradius)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to freeradius
announced via advisory MDKSA-2006:066.

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS
might allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code by causing the external database query to fail.

Updated packages have been patched to correct this issue.

Affected: 2006.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:066

Risk factor : High

CVSS Score:
6.4

Referencia Cruzada: BugTraq ID: 14775
Common Vulnerability Exposure (CVE) ID: CVE-2005-4744
14775
http://www.securityfocus.com/bid/14775
16712
http://secunia.com/advisories/16712
19497
http://secunia.com/advisories/19497
19518
http://secunia.com/advisories/19518
19811
http://secunia.com/advisories/19811
20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
20461
http://secunia.com/advisories/20461
DSA-1089
http://www.debian.org/security/2006/dsa-1089
MDKSA-2006:066
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066
RHSA-2006:0271
http://rhn.redhat.com/errata/RHSA-2006-0271.html
freeradius-token-sqlunixodbc-dos(22211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22211
http://www.freeradius.org/security/20050909-response-to-suse.txt
http://www.freeradius.org/security/20050909-vendor-sec.txt
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
oval:org.mitre.oval:def:10449
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56615
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:066 (freeradius)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to freeradius announced via advisory MDKSA-2006:066. Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Updated packages have been patched to correct this issue. Affected: 2006.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:066 Risk factor : High CVSS Score: 6.4
Referencia Cruzada:	BugTraq ID: 14775 Common Vulnerability Exposure (CVE) ID: CVE-2005-4744 14775 http://www.securityfocus.com/bid/14775 16712 http://secunia.com/advisories/16712 19497 http://secunia.com/advisories/19497 19518 http://secunia.com/advisories/19518 19811 http://secunia.com/advisories/19811 20060404-01-U ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc 20461 http://secunia.com/advisories/20461 DSA-1089 http://www.debian.org/security/2006/dsa-1089 MDKSA-2006:066 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066 RHSA-2006:0271 http://rhn.redhat.com/errata/RHSA-2006-0271.html freeradius-token-sqlunixodbc-dos(22211) https://exchange.xforce.ibmcloud.com/vulnerabilities/22211 http://www.freeradius.org/security/20050909-response-to-suse.txt http://www.freeradius.org/security/20050909-vendor-sec.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676 oval:org.mitre.oval:def:10449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com