Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:664

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51427

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:664

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:664.

Cistron RADIUS is an authentication and accounting system for
terminal servers that speak the RADIUS (Remote Authentication Dial In
User Service) protocol.

David Luyer reported[1] a buffer overflow vulnerability in
radiusd-cistron versions <= 1.6.6 that could allow remote attackers
to cause a denial of service (DoS) and possibly execute arbitrary
code in the server context. The vulnerability resides in the handling
of the NAS-Port attribute, which can be interpreted as a negative
number, causing a buffer overflow.

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2003-0450 to this issue[2].

This update fixes the problem using a patched version of
radiusd-cistron 1.6.6.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0450
http://distro2.conectiva.com.br/bugzilla/show_bug.cgi?id=8690
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:664
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0450
Conectiva Linux advisory: CLA-2003:664
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664
Debian Security Information: DSA-321 (Google Search)
http://www.debian.org/security/2003/dsa-321
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063
SuSE Security Announcement: SuSE-SA:2003:030 (Google Search)
http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html
TurboLinux Advisory: TLSA-2003-40
http://www.turbolinux.com/security/TLSA-2003-40.txt

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51427
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:664
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:664. Cistron RADIUS is an authentication and accounting system for terminal servers that speak the RADIUS (Remote Authentication Dial In User Service) protocol. David Luyer reported[1] a buffer overflow vulnerability in radiusd-cistron versions <= 1.6.6 that could allow remote attackers to cause a denial of service (DoS) and possibly execute arbitrary code in the server context. The vulnerability resides in the handling of the NAS-Port attribute, which can be interpreted as a negative number, causing a buffer overflow. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2003-0450 to this issue[2]. This update fixes the problem using a patched version of radiusd-cistron 1.6.6. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0450 http://distro2.conectiva.com.br/bugzilla/show_bug.cgi?id=8690 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:664 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0450 Conectiva Linux advisory: CLA-2003:664 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664 Debian Security Information: DSA-321 (Google Search) http://www.debian.org/security/2003/dsa-321 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063 SuSE Security Announcement: SuSE-SA:2003:030 (Google Search) http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html TurboLinux Advisory: TLSA-2003-40 http://www.turbolinux.com/security/TLSA-2003-40.txt
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com