Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200505-13 (freeradius)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54945

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200505-13 (freeradius)

Resumen: The remote host is missing updates announced in;advisory GLSA 200505-13.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200505-13.

Vulnerability Insight:
The FreeRADIUS server is vulnerable to an SQL injection attack and a buffer
overflow, possibly resulting in disclosure and modification of data and
Denial of Service.

Solution:
All FreeRADIUS users should upgrade to the latest available version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-dialup/freeradius-1.0.2-r4'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1454
1013909
http://www.securitytracker.com/alerts/2005/May/1013909.html
13540
http://www.securityfocus.com/bid/13540
20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html
GLSA-200505-13
http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml
RHSA-2005:524
http://www.redhat.com/support/errata/RHSA-2005-524.html
SUSE-SR:2005:014
http://www.novell.com/linux/security/advisories/2005_14_sr.html
freeradius-xlat-sql-injection(20449)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20449
http://www.freeradius.org/security.html
oval:org.mitre.oval:def:9610
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610
Common Vulnerability Exposure (CVE) ID: CVE-2005-1455
13541
http://www.securityfocus.com/bid/13541
freeradius-sqlescapefunc-bo(20450)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20450
oval:org.mitre.oval:def:9579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54945
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200505-13 (freeradius)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200505-13.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200505-13. Vulnerability Insight: The FreeRADIUS server is vulnerable to an SQL injection attack and a buffer overflow, possibly resulting in disclosure and modification of data and Denial of Service. Solution: All FreeRADIUS users should upgrade to the latest available version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dialup/freeradius-1.0.2-r4' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1454 1013909 http://www.securitytracker.com/alerts/2005/May/1013909.html 13540 http://www.securityfocus.com/bid/13540 20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html GLSA-200505-13 http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml RHSA-2005:524 http://www.redhat.com/support/errata/RHSA-2005-524.html SUSE-SR:2005:014 http://www.novell.com/linux/security/advisories/2005_14_sr.html freeradius-xlat-sql-injection(20449) https://exchange.xforce.ibmcloud.com/vulnerabilities/20449 http://www.freeradius.org/security.html oval:org.mitre.oval:def:9610 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610 Common Vulnerability Exposure (CVE) ID: CVE-2005-1455 13541 http://www.securityfocus.com/bid/13541 freeradius-sqlescapefunc-bo(20450) https://exchange.xforce.ibmcloud.com/vulnerabilities/20450 oval:org.mitre.oval:def:9579 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579
Copyright	Copyright (C) 2008 E-Soft Inc.