-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:060
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freeradius
 Date    : March 23, 2006
 Affected: 2006.0
 _______________________________________________________________________

 Problem Description:

 An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows
 remote attackers to bypass authentication or cause a denial of service
 (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2
 state machine module.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2006.0:
 f5694e70f14cbd19b83fd27b2486206c  2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.i586.rpm
 9659a4da82f833ad9f981ea7227868b2  2006.0/RPMS/libfreeradius1-1.0.4-2.1.20060mdk.i586.rpm
 f9a3447563fef1dfb6340999b1d826de  2006.0/RPMS/libfreeradius1-devel-1.0.4-2.1.20060mdk.i586.rpm
 bf2f92256eaa0ce809d792e8e24611a1  2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.1.20060mdk.i586.rpm
 044cc3fbaa56104318ba267cdab184f9  2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.1.20060mdk.i586.rpm
 4b8c8e812804df23e9f6596d905621be  2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.1.20060mdk.i586.rpm
 c2623a903a88573a3b768f2ebe7eacbb  2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.1.20060mdk.i586.rpm
 28c6de397354d35ee9df21d8e191ebbe  2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.1.20060mdk.i586.rpm
 085c52e42b5cc7fc22837abd0f9c5139  2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bfce7c3070118389bfb438cf21172339  x86_64/2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.x86_64.rpm
 16da145b1daefdb21ddf948840e5080d  x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.1.20060mdk.x86_64.rpm
 8a31178431515a527b098eba3cae4d24  x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.1.20060mdk.x86_64.rpm
 ea2fac845a7de5897fc5a8cfc10aa567  x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.1.20060mdk.x86_64.rpm
 df111b875358584ec03dc45c16a18cb5  x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.1.20060mdk.x86_64.rpm
 a8b1ab60450cae42203318941f32a596  x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.1.20060mdk.x86_64.rpm
 dad9cba86a4bbe8dd30d052853989094  x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.1.20060mdk.x86_64.rpm
 c058e7e6d30729aefa60dd7cf3fe3ab3  x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.1.20060mdk.x86_64.rpm
 085c52e42b5cc7fc22837abd0f9c5139  x86_64/2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIyNkmqjQ0CJFipgRAqX7AKDlD7ZrED1MAZDU8zXs/JOq6wk2VwCffGiU
ZMogegmLH8UXUd2dlOmdwh8=
=BcHF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/