7.5

CVE-2006-1354

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreeradiusFreeradius Version1.0.0
FreeradiusFreeradius Version1.0.1
FreeradiusFreeradius Version1.0.2
FreeradiusFreeradius Version1.0.3
FreeradiusFreeradius Version1.0.4
FreeradiusFreeradius Version1.0.5
FreeradiusFreeradius Version1.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.76% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.freeradius.org/security.html
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://rhn.redhat.com/errata/RHSA-2006-0271.html
http://secunia.com/advisories/19518
http://secunia.com/advisories/19811
http://secunia.com/advisories/20461
http://www.debian.org/security/2006/dsa-1089
http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html
http://secunia.com/advisories/19300
Patch
Vendor Advisory
http://secunia.com/advisories/19405
http://secunia.com/advisories/19527
http://securitytracker.com/id?1015795
http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:060
http://www.securityfocus.com/bid/17171
http://www.trustix.org/errata/2006/0020
http://www.vupen.com/english/advisories/2006/1016
https://exchange.xforce.ibmcloud.com/vulnerabilities/25352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156