FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability

Bugtraq ID: 17171
Class: Input Validation Error
CVE: CVE-2006-1354
Remote: Yes
Local: No
Published: Mar 21 2006 12:00AM
Updated: Jan 25 2007 04:19PM
Credit: Announced by the vendor.
Vulnerable: Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
FreeRADIUS FreeRADIUS 1.1
FreeRADIUS FreeRADIUS 1.0.5
FreeRADIUS FreeRADIUS 1.0.4
FreeRADIUS FreeRADIUS 1.0.3
FreeRADIUS FreeRADIUS 1.0.2
+ Gentoo Linux
FreeRADIUS FreeRADIUS 1.0.1
FreeRADIUS FreeRADIUS 1.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Not Vulnerable: FreeRADIUS FreeRADIUS 1.1.1


 

Privacy Statement
Copyright 2010, SecurityFocus