FreeBSD Local Security Checks : FreeBSD Ports: freeradius

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52343

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: freeradius

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: freeradius

CVE-2004-0938
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of
service (server crash) by sending an Ascend-Send-Secret attribute
without the required leading packet.

CVE-2004-0960
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of
service (core dump) via malformed USR vendor-specific attributes (VSA)
that cause a memcpy operation with a -1 argument.

CVE-2004-0961
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to
cause a denial of service (memory exhaustion) via a series of
Access-Request packets with (1) Ascend-Send-Secret, (2)
Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0938
BugTraq ID: 11222
http://www.securityfocus.com/bid/11222
CERT/CC vulnerability note: VU#541574
http://www.kb.cert.org/vuls/id/541574
http://security.gentoo.org/glsa/glsa-200409-29.xml
http://www.osvdb.org/10178
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347
XForce ISS Database: freeradius-dos(17440)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17440
Common Vulnerability Exposure (CVE) ID: CVE-2004-0960
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023
Common Vulnerability Exposure (CVE) ID: CVE-2004-0961
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52343
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: freeradius
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: freeradius CVE-2004-0938 FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. CVE-2004-0960 FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. CVE-2004-0961 Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0938 BugTraq ID: 11222 http://www.securityfocus.com/bid/11222 CERT/CC vulnerability note: VU#541574 http://www.kb.cert.org/vuls/id/541574 http://security.gentoo.org/glsa/glsa-200409-29.xml http://www.osvdb.org/10178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347 XForce ISS Database: freeradius-dos(17440) https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 Common Vulnerability Exposure (CVE) ID: CVE-2004-0960 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023 Common Vulnerability Exposure (CVE) ID: CVE-2004-0961 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024
Copyright	Copyright (C) 2008 E-Soft Inc.