1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200604-03 / freeradius |
| Release Date | April 04, 2006 |
| Latest Revision | April 04, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-dialup/freeradius | < 1.1.1 | >= 1.1.1, < 1.0.0 | All supported architectures |
Related bugreports: #127229
The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation issue which causes some authentication checks to be bypassed.
FreeRADIUS is an open source RADIUS authentication server implementation.
FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine.
An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 client state machine.
There is no known workaround at this time.
All FreeRADIUS users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.1" |