Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2006-0271: freeradius

Vulnerability Assessment Details

RHSA-2006-0271: freeradius
Vulnerability Assessment Summary
Check for the version of the freeradius packages

Detailed Explanation for this Vulnerability Assessment


Updated freeradius packages that fix an authentication weakness are now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to permit centralized authentication and authorization for a network.

A bug was found in the way FreeRADIUS authenticates users via the MSCHAP V2
protocol. It is possible for a remote attacker to authenticate as a victim
by sending a malformed MSCHAP V2 login request to the FreeRADIUS server.
(CVE-2006-1354)

Please note that FreeRADIUS installations not using the MSCHAP V2 protocol
for authentication are not vulnerable to this issue.

A bug was also found in the way FreeRADIUS logs SQL errors from the
sql_unixodbc module. It may be possible for a possible hacker to cause FreeRADIUS
to crash or execute arbitrary code if they are able to manipulate the SQL
database FreeRADIUS is connecting to. (CVE-2006-4744)

Users of FreeRADIUS should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.




Solution : http://rhn.redhat.com/errata/RHSA-2006-0271.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
Cables, Connectors


Mini External OLED AMIGA Gotek Floppy Drive Emulator For Amiga 500/500+/600/1200 picture

Mini External OLED AMIGA Gotek Floppy Drive Emulator For Amiga 500/500+/600/1200

$37.24


AMIGA 2000 Mainboard Rev 6 ASIS picture

AMIGA 2000 Mainboard Rev 6 ASIS

$100.00


Amiga A500 NTSC, 1 MB Chip RAM, HDMI, Wireless Mouse picture

Amiga A500 NTSC, 1 MB Chip RAM, HDMI, Wireless Mouse

$360.00


Amiga 500 Gotek Custom Mount USB Floppy Emulator - Complete Kit with Gotek picture

Amiga 500 Gotek Custom Mount USB Floppy Emulator - Complete Kit with Gotek

$65.00


Vampirized Video Toaster Branded Amiga 2000 Desktop Computer w/Flyer Vampire etc picture

Vampirized Video Toaster Branded Amiga 2000 Desktop Computer w/Flyer Vampire etc

$4999.98


Amiga Textcraft Plus, Amiga Extras + GEOS, more, Eleven 3.5

Amiga Textcraft Plus, Amiga Extras + GEOS, more, Eleven 3.5" Floppy Disk Lot

$19.25


AT&T Card w/ Motorola 060 XC68060RC50A 68060 & Seagate ST51080N SCSI2 Hard Drive picture

AT&T Card w/ Motorola 060 XC68060RC50A 68060 & Seagate ST51080N SCSI2 Hard Drive

$299.95


Commodore Amiga Game 1991 - OUT OF THIS WORLD - The Only One Available picture

Commodore Amiga Game 1991 - OUT OF THIS WORLD - The Only One Available

$249.99


TeensyROM Cartridge for Commodore 64/128: MIDI, Fastload, Emulation, and Network picture

TeensyROM Cartridge for Commodore 64/128: MIDI, Fastload, Emulation, and Network

$65.00


Amiga Gotek V3.42 External Ivory & BIEGE + 0.96 OLED + Rotary with DF1/ 23p Lead picture

Amiga Gotek V3.42 External Ivory & BIEGE + 0.96 OLED + Rotary with DF1/ 23p Lead

$88.58


Discussions

No Discussions have been posted on this vulnerability.