Test ID:	1.3.6.1.4.1.25623.1.0.51503
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:466
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2002:466. Cistron RADIUS is an authentication and accounting server for terminal servers that speak the RADIUS (Remote Authentication Dial In User Service) protocol. Alan DeKok reported[1] some vulnerabilities in multiple RADIUS server implementations (including radius-cistron). radius-cistron prior to 1.6.6 was vulnerable to: - A buffer overflow in a message digest calculation[2] that could let an attacker to sucessfully run a Deny of Service (DoS) attack againt the server. If the attacker also knows the shared secret (discovering it is not a trivial task), there's a possibility to exploit this vulnerability to execute arbitrary code in the remote machine (with root privileges). - A failure to check the vendor-length of vendor-specific attributes, also possibiliting a Denial of Service attack against RADIUS servers. There's a complete advisory[3] with more information available from CERT® addressing these vulnerabilities. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://online.securityfocus.com/archive/1/239943 http://online.securityfocus.com/bid/3530 http://www.cert.org/advisories/CA-2002-06.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:466 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.