Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50960

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:386

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:386.

FreeRADIUS is an Internet authentication daemon, which implements the
RADIUS protocol. It allows Network Access Servers (NAS boxes) to perform
authentication for dial-up users.

The rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote
attackers to cause a denial of service (crash) via a short RADIUS string
attribute with a tag, which causes memcpy to be called with a -1 length
argument, as demonstrated using the Tunnel-Password attribute. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2003-0967 to this issue.

Users of FreeRADIUS are advised to upgrade to these erratum packages
containing FreeRADIUS 0.9.3 which is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-386.html
http://marc.theaimsgroup.com/?l=freeradius-users&m=106947389449613

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 9079
Common Vulnerability Exposure (CVE) ID: CVE-2003-0967
Bugtraq: 20031120 Remote DoS in FreeRADIUS, all versions. (Google Search)
http://marc.info/?l=bugtraq&m=106935911101493&w=2
Bugtraq: 20031121 FreeRADIUS 0.9.2 "Tunnel-Password" attribute Handling Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=106944220426970
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917
http://www.redhat.com/support/errata/RHSA-2003-386.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50960
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:386
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:386. FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol. It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. The rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0967 to this issue. Users of FreeRADIUS are advised to upgrade to these erratum packages containing FreeRADIUS 0.9.3 which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-386.html http://marc.theaimsgroup.com/?l=freeradius-users&m=106947389449613 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 9079 Common Vulnerability Exposure (CVE) ID: CVE-2003-0967 Bugtraq: 20031120 Remote DoS in FreeRADIUS, all versions. (Google Search) http://marc.info/?l=bugtraq&m=106935911101493&w=2 Bugtraq: 20031121 FreeRADIUS 0.9.2 "Tunnel-Password" attribute Handling Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=106944220426970 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917 http://www.redhat.com/support/errata/RHSA-2003-386.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com