ID de Prueba:	1.3.6.1.4.1.25623.1.0.56480
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0271
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0271. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A bug was found in the way FreeRADIUS authenticates users via the MSCHAP V2 protocol. It is possible for a remote attacker to authenticate as a victim by sending a malformed MSCHAP V2 login request to the FreeRADIUS server. (CVE-2006-1354) Please note that FreeRADIUS installations not using the MSCHAP V2 protocol for authentication are not vulnerable to this issue. A bug was also found in the way FreeRADIUS logs SQL errors from the sql_unixodbc module. It may be possible for an attacker to cause FreeRADIUS to crash or execute arbitrary code if they are able to manipulate the SQL database FreeRADIUS is connecting to. (CVE-2006-4744) Users of FreeRADIUS should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0271.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1354 BugTraq ID: 17171 http://www.securityfocus.com/bid/17171 Debian Security Information: DSA-1089 (Google Search) http://www.debian.org/security/2006/dsa-1089 http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156 RedHat Security Advisories: RHSA-2006:0271 http://rhn.redhat.com/errata/RHSA-2006-0271.html http://securitytracker.com/id?1015795 http://secunia.com/advisories/19300 http://secunia.com/advisories/19405 http://secunia.com/advisories/19518 http://secunia.com/advisories/19527 http://secunia.com/advisories/19811 http://secunia.com/advisories/20461 SGI Security Advisory: 20060404-01-U ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc SuSE Security Announcement: SUSE-SA:2006:019 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html http://www.trustix.org/errata/2006/0020 http://www.vupen.com/english/advisories/2006/1016 XForce ISS Database: freeradius-eap-mschapv2-auth-bypass(25352) https://exchange.xforce.ibmcloud.com/vulnerabilities/25352 Common Vulnerability Exposure (CVE) ID: CVE-2005-4744 14775 http://www.securityfocus.com/bid/14775 16712 http://secunia.com/advisories/16712 19497 http://secunia.com/advisories/19497 19518 19811 20060404-01-U 20461 DSA-1089 MDKSA-2006:066 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066 RHSA-2006:0271 freeradius-token-sqlunixodbc-dos(22211) https://exchange.xforce.ibmcloud.com/vulnerabilities/22211 http://www.freeradius.org/security/20050909-response-to-suse.txt http://www.freeradius.org/security/20050909-vendor-sec.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676 oval:org.mitre.oval:def:10449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449 Common Vulnerability Exposure (CVE) ID: CVE-2006-4744 Bugtraq: 20060907 Airscanner Mobile Security Advisory #06070101: Abidia & OAnywhere (All versions) (Google Search) http://www.securityfocus.com/archive/1/445608/100/0/threaded http://www.airscanner.com/security/06070101_abidia_oanywhere.htm http://securityreason.com/securityalert/1560
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.