Test ID: | 1.3.6.1.4.1.25623.1.0.53096 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2005:524 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2005:524.

FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

A buffer overflow bug was found in the way FreeRADIUS escapes data in an SQL query. An attacker may be able to crash FreeRADIUS if they cause FreeRADIUS to escape a string containing three or fewer characters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1454 to this issue.

Additionally, a bug was found in the way FreeRADIUS escapes SQL data. It is possible that an authenticated user could execute arbitrary SQL queries by sending a specially crafted request to FreeRADIUS. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1455 to this issue.

Users of FreeRADIUS should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-524.html

Risk factor: High
CVSS Score: 7.5 |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-1454
1013909 http://www.securitytracker.com/alerts/2005/May/1013909.html
13540 http://www.securityfocus.com/bid/13540
20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html
GLSA-200505-13 http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml
RHSA-2005:524 http://www.redhat.com/support/errata/RHSA-2005-524.html
SUSE-SR:2005:014 http://www.novell.com/linux/security/advisories/2005_14_sr.html
freeradius-xlat-sql-injection(20449) https://exchange.xforce.ibmcloud.com/vulnerabilities/20449
http://www.freeradius.org/security.html
oval:org.mitre.oval:def:9610 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610

Common Vulnerability Exposure (CVE) ID: CVE-2005-1455
13541 http://www.securityfocus.com/bid/13541
freeradius-sqlescapefunc-bo(20450) https://exchange.xforce.ibmcloud.com/vulnerabilities/20450
oval:org.mitre.oval:def:9579 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |