FreeBSD Local Security Checks : FreeBSD Ports: freeradius

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.52343

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: freeradius

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: freeradius

CVE-2004-0938
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of
service (server crash) by sending an Ascend-Send-Secret attribute
without the required leading packet.

CVE-2004-0960
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of
service (core dump) via malformed USR vendor-specific attributes (VSA)
that cause a memcpy operation with a -1 argument.

CVE-2004-0961
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to
cause a denial of service (memory exhaustion) via a series of
Access-Request packets with (1) Ascend-Send-Secret, (2)
Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0938
BugTraq ID: 11222
http://www.securityfocus.com/bid/11222
CERT/CC vulnerability note: VU#541574
http://www.kb.cert.org/vuls/id/541574
http://security.gentoo.org/glsa/glsa-200409-29.xml
http://www.osvdb.org/10178
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347
XForce ISS Database: freeradius-dos(17440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17440
Common Vulnerability Exposure (CVE) ID: CVE-2004-0960
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023
Common Vulnerability Exposure (CVE) ID: CVE-2004-0961
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.52343
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: freeradius
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: freeradius CVE-2004-0938 FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. CVE-2004-0960 FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. CVE-2004-0961 Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0938 BugTraq ID: 11222 http://www.securityfocus.com/bid/11222 CERT/CC vulnerability note: VU#541574 http://www.kb.cert.org/vuls/id/541574 http://security.gentoo.org/glsa/glsa-200409-29.xml http://www.osvdb.org/10178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347 XForce ISS Database: freeradius-dos(17440) https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 Common Vulnerability Exposure (CVE) ID: CVE-2004-0960 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023 Common Vulnerability Exposure (CVE) ID: CVE-2004-0961 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024
Copyright	Copyright (C) 2008 E-Soft Inc.