Novell Home

CVE-2006-1354

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2006-1354 at MITRE

Description

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 160249

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Open Enterprise Server
  • freeradius >= 1.0.5-2.14
core9.s390
core9.ppc
sles9-nlpos.x86
core9.ia64
YOU Patch Nr: 10924
SUSE LINUX 10.0
  • freeradius >= 1.0.4-4.2
SUSE LINUX 9.1 for IA32
SUSE LINUX 9.1 for x86-64
  • freeradius >= 1.0.5-2.14
SUSE LINUX 9.2
  • freeradius >= 1.0.0-5.8
SUSE LINUX 9.3
  • freeradius >= 1.0.2-5.7

© 2014 Novell