| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / april, 2006 / FreeRADIUS EAP-MSCHAPv2 input validation vulnerability 

FreeRADIUS EAP-MSCHAPv2 input validation vulnerability

FreeRADIUS EAP-MSCHAPv2 input validation vulnerability

Date Discovered: 2006. március 28.
Date Published: 2006. március 29.
Last Updated: 2006. március 29.

Threat Assessment
Overall Risk: Medium
Impact:          High
Popularity:    Low
Simplicity:     Low

Vulnerability Description
Vulnerability ID:          33970
Discovered By:            anonymous
Exploitable Locally:     No
Exploitable Remotely: Yes
Impact:                        Remote attackers can gain unauthorized access or cause a denial of service condition.
Root Cause:                 Software Vulnerability

FreeRADIUS contains a vulnerability that can allow remote attackers to gain unauthorized access or cause a denial of service condition. The vulnerability is due to insufficient input validation in the EAP-MSCHAPv2 state machine module. Remote attackers can exploit this vulnerability to bypass authentication or cause a crash.

 

 

More information on CA Vulnerability Information Center: 
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33970

Computer Associates – the Trusted Source of Security Knowledge

 

2006-04-05 14:16

Back