ports/95191: net/freeradius requires urgent update to 1.1.1, port contains exploits
Dean Hollister
dean at odyssey.apana.org.au
Sat Apr 1 07:40:16 UTC 2006
>Number: 95191
>Category: ports
>Synopsis: net/freeradius requires urgent update to 1.1.1, port contains exploits
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 01 07:40:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Dean Hollister
>Release: FreeBSD 4.11-STABLE i386
>Organization:
Australian Public Access Network Association Inc
>Environment:
System: FreeBSD odyssey.apana.org.au 4.11-STABLE FreeBSD 4.11-STABLE #0: Wed Sep 21 06:20:10 WST 2005 root at odyssey.apana.org.au:/usr/obj/usr/src/sys/ODYSSEY i386
>Description:
As per the vendor's website:
2006.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the EAP-MSCHAPv2 module in all
versions from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient input validation was
being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their
EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks.
This bypassing could also result in the server crashing. We recommend that administrators upgrade
immediately.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list