Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1354
Last Modified 07 Mar 2011 09:32:51
Published 21 Mar 2006 09:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1354

Summary

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

Vulnerable Systems

Application

  • FreeRADIUS 1.0.0

  • FreeRADIUS 1.0.1

  • FreeRADIUS 1.0.2

  • FreeRADIUS 1.0.3

  • FreeRADIUS 1.0.4

  • FreeRADIUS 1.0.5

  • FreeRADIUS 1.1.0


References

SECUNIA - 19300

VUPEN - ADV-2006-1016

CONFIRM - http://www.freeradius.org/security.html

XF - freeradius-eap-mschapv2-auth-bypass(25352)

TRUSTIX - 2006-0020

BID - 17171

MANDRIVA - MDKSA-2006:060

GENTOO - GLSA-200604-03

DEBIAN - DSA-1089

SECTRACK - 1015795

SECUNIA - 20461

SECUNIA - 19811

SECUNIA - 19527

SECUNIA - 19518

SECUNIA - 19405

REDHAT - RHSA-2006:0271

SUSE - SUSE-SA:2006:019

SGI - 20060404-01-U

Related Patches

Red Hat 2006:0271-12 RHSA freeradius security update for RHEL 4 x86


Last Updated: 27 May 2016 10:42:02