Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:0338

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58898

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2007:0338

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2007:0338.

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service. (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0338.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-2028
1018042
http://www.securitytracker.com/id?1018042
2007-0013
http://www.trustix.org/errata/2007/0013/
23466
http://www.securityfocus.com/bid/23466
24849
http://secunia.com/advisories/24849
24907
http://secunia.com/advisories/24907
24917
http://secunia.com/advisories/24917
24996
http://secunia.com/advisories/24996
25201
http://secunia.com/advisories/25201
25220
http://secunia.com/advisories/25220
ADV-2007-1369
http://www.vupen.com/english/advisories/2007/1369
GLSA-200704-14
http://security.gentoo.org/glsa/glsa-200704-14.xml
MDKSA-2007:085
http://www.mandriva.com/security/advisories?name=MDKSA-2007:085
RHSA-2007:0338
http://rhn.redhat.com/errata/RHSA-2007-0338.html
SUSE-SR:2007:010
http://www.novell.com/linux/security/advisories/2007_10_sr.html
http://www.freeradius.org/security.html
oval:org.mitre.oval:def:11156
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58898
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0338
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0338. FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028) Users of FreeRADIUS should update to these erratum packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0338.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2028 1018042 http://www.securitytracker.com/id?1018042 2007-0013 http://www.trustix.org/errata/2007/0013/ 23466 http://www.securityfocus.com/bid/23466 24849 http://secunia.com/advisories/24849 24907 http://secunia.com/advisories/24907 24917 http://secunia.com/advisories/24917 24996 http://secunia.com/advisories/24996 25201 http://secunia.com/advisories/25201 25220 http://secunia.com/advisories/25220 ADV-2007-1369 http://www.vupen.com/english/advisories/2007/1369 GLSA-200704-14 http://security.gentoo.org/glsa/glsa-200704-14.xml MDKSA-2007:085 http://www.mandriva.com/security/advisories?name=MDKSA-2007:085 RHSA-2007:0338 http://rhn.redhat.com/errata/RHSA-2007-0338.html SUSE-SR:2007:010 http://www.novell.com/linux/security/advisories/2007_10_sr.html http://www.freeradius.org/security.html oval:org.mitre.oval:def:11156 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com