Vulnerability Bulletins |
Múltiples vulnerabilidades en FreeRADIUS |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Denegación de Servicio |
Dificulty | Avanzado |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | FreeRADIUS < 1.0.1 |
Description |
|
Existen varias vulnerabilidades en las versiones de FreeRADIUS anteriores a la 1.0.1. FreeRADIUS es un servidor radius de fácil configuración, diseñado para centralizar la aurtenticación y autorización de una red. Un atacante capaz de enviar paquetes al servidor podría generar paquetes de tal manera que consumiera memoria causando una denegación de servicio. |
|
Solution |
|
Actualización de software Red Hat Linux Red Hat Enterprise Linux AS version 3 - SRPMS: freeradius-1.0.1-1.RHEL3.src.rpm Red Hat Enterprise Linux AS version 3 - i386: freeradius-1.0.1-1.RHEL3.i386.rpm Red Hat Enterprise Linux AS version 3 - ia64: freeradius-1.0.1-1.RHEL3.ia64.rpm Red Hat Enterprise Linux AS version 3 - ppc: freeradius-1.0.1-1.RHEL3.ppc.rpm Red Hat Enterprise Linux AS version 3 - s390: freeradius-1.0.1-1.RHEL3.s390.rpm Red Hat Enterprise Linux AS version 3 - s390x: freeradius-1.0.1-1.RHEL3.s390x.rpm Red Hat Enterprise Linux AS version 3 - x86_64: freeradius-1.0.1-1.RHEL3.x86_64.rpm Red Hat Enterprise Linux ES version 3 - SRPMS: freeradius-1.0.1-1.RHEL3.src.rpm Red Hat Enterprise Linux ES version 3 - i386: freeradius-1.0.1-1.RHEL3.i386.rpm Red Hat Enterprise Linux ES version 3 - ia64: freeradius-1.0.1-1.RHEL3.ia64.rpm Red Hat Enterprise Linux ES version 3 - x86_64: freeradius-1.0.1-1.RHEL3.x86_64.rpm https://rhn.redhat.com/ |
|
Standar resources |
|
Property | Value |
CVE |
CAN-2004-0938 CAN-2004-0960 CAN-2004-0961 |
BID | 11222 |
Other resources |
|
Red Hat security Advisory (RHSA-2004:609-01) https://rhn.redhat.com/errata/RHSA-2004-609.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2004-11-15 |