Package name: freeradius
Date: March 23rd, 2006
Advisory ID: MDKSA-2006:060
Affected versions: 2006.0

Problem Description

An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows
remote attackers to bypass authentication or cause a denial of service
(server crash) via "Insufficient input validation" in the EAP-MSCHAPv2
state machine module.

Updated packages have been patched to correct this issue.

Updated Packages

Mandriva Linux 2006

 f5694e70f14cbd19b83fd27b2486206c  2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.i586.rpm
 9659a4da82f833ad9f981ea7227868b2  2006.0/RPMS/libfreeradius1-1.0.4-2.1.20060mdk.i586.rpm
 f9a3447563fef1dfb6340999b1d826de  2006.0/RPMS/libfreeradius1-devel-1.0.4-2.1.20060mdk.i586.rpm
 bf2f92256eaa0ce809d792e8e24611a1  2006.0/RPMS/libfreeradius1-krb5-1.0.4-2.1.20060mdk.i586.rpm
 044cc3fbaa56104318ba267cdab184f9  2006.0/RPMS/libfreeradius1-ldap-1.0.4-2.1.20060mdk.i586.rpm
 4b8c8e812804df23e9f6596d905621be  2006.0/RPMS/libfreeradius1-mysql-1.0.4-2.1.20060mdk.i586.rpm
 c2623a903a88573a3b768f2ebe7eacbb  2006.0/RPMS/libfreeradius1-postgresql-1.0.4-2.1.20060mdk.i586.rpm
 28c6de397354d35ee9df21d8e191ebbe  2006.0/RPMS/libfreeradius1-unixODBC-1.0.4-2.1.20060mdk.i586.rpm
 085c52e42b5cc7fc22837abd0f9c5139  2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 bfce7c3070118389bfb438cf21172339  x86_64/2006.0/RPMS/freeradius-1.0.4-2.1.20060mdk.x86_64.rpm
 16da145b1daefdb21ddf948840e5080d  x86_64/2006.0/RPMS/lib64freeradius1-1.0.4-2.1.20060mdk.x86_64.rpm
 8a31178431515a527b098eba3cae4d24  x86_64/2006.0/RPMS/lib64freeradius1-devel-1.0.4-2.1.20060mdk.x86_64.rpm
 ea2fac845a7de5897fc5a8cfc10aa567  x86_64/2006.0/RPMS/lib64freeradius1-krb5-1.0.4-2.1.20060mdk.x86_64.rpm
 df111b875358584ec03dc45c16a18cb5  x86_64/2006.0/RPMS/lib64freeradius1-ldap-1.0.4-2.1.20060mdk.x86_64.rpm
 a8b1ab60450cae42203318941f32a596  x86_64/2006.0/RPMS/lib64freeradius1-mysql-1.0.4-2.1.20060mdk.x86_64.rpm
 dad9cba86a4bbe8dd30d052853989094  x86_64/2006.0/RPMS/lib64freeradius1-postgresql-1.0.4-2.1.20060mdk.x86_64.rpm
 c058e7e6d30729aefa60dd7cf3fe3ab3  x86_64/2006.0/RPMS/lib64freeradius1-unixODBC-1.0.4-2.1.20060mdk.x86_64.rpm
 085c52e42b5cc7fc22837abd0f9c5139  x86_64/2006.0/SRPMS/freeradius-1.0.4-2.1.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.