Login
Newsletter
Werbung
Sicherheit: Mangelnde Rechteprüfung in freeradius
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in freeradius
ID: MDKSA-2006:060
Distribution: Mandriva
Plattformen: Mandriva 2006.0
Datum: Fr, 24. März 2006, 06:10
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354
Applikationen: FreeRADIUS

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1143176978-21416-773


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:060
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : freeradius
 Date    : March 23, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows 
 remote attackers to bypass authentication or cause a denial of service 
 (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2
 
 state machine module.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 f5694e70f14cbd19b83fd27b2486206c 
 2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.i586.rpm
 9659a4da82f833ad9f981ea7227868b2 
 2006.0/RPMS/libfreeradius1-1.0.4-2.1.20060mdk.i586.rpm
 f9a3447563fef1dfb6340999b1d826de 
 2006.0/RPMS/libfreeradius1-devel-1.0.4-2.1.20060mdk.i586.rpm
 bf2f92256eaa0ce809d792e8e24611a1 
 2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.1.20060mdk.i586.rpm
 044cc3fbaa56104318ba267cdab184f9 
 2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.1.20060mdk.i586.rpm
 4b8c8e812804df23e9f6596d905621be 
 2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.1.20060mdk.i586.rpm
 c2623a903a88573a3b768f2ebe7eacbb 
 2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.1.20060mdk.i586.rpm
 28c6de397354d35ee9df21d8e191ebbe 
 2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.1.20060mdk.i586.rpm
 085c52e42b5cc7fc22837abd0f9c5139 
 2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bfce7c3070118389bfb438cf21172339 
 x86_64/2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.x86_64.rpm
 16da145b1daefdb21ddf948840e5080d 
 x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.1.20060mdk.x86_64.rpm
 8a31178431515a527b098eba3cae4d24 
 x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.1.20060mdk.x86_64.rpm
 ea2fac845a7de5897fc5a8cfc10aa567 
 x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.1.20060mdk.x86_64.rpm
 df111b875358584ec03dc45c16a18cb5 
 x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.1.20060mdk.x86_64.rpm
 a8b1ab60450cae42203318941f32a596 
 x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.1.20060mdk.x86_64.rpm
 dad9cba86a4bbe8dd30d052853989094 
 x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.1.20060mdk.x86_64.rpm
 c058e7e6d30729aefa60dd7cf3fe3ab3 
 x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.1.20060mdk.x86_64.rpm
 085c52e42b5cc7fc22837abd0f9c5139 
 x86_64/2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIyNkmqjQ0CJFipgRAqX7AKDlD7ZrED1MAZDU8zXs/JOq6wk2VwCffGiU
ZMogegmLH8UXUd2dlOmdwh8=
=BcHF
-----END PGP SIGNATURE-----


------------=_1143176978-21416-773
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1143176978-21416-773--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung