Linux Security
Linux Security
Linux Security

Debian: New freeradius packages fix arbitrary code execution

Date 03 Jun 2006
Posted By LinuxSecurity Advisories
Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1089-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
June 3rd, 2006                
- --------------------------------------------------------------------------

Package        : freeradius
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-4744 CVE-2006-1354
BugTraq IDs    : 17171 17293
Debian Bug     : 359042

Several problems have been discovered in freeradius, a
high-performance and highly configurable RADIUS server.  The Common
Vulnerabilities and Exposures project identifies the following


    SuSE researchers have discovered several off-by-one errors may
    allow remote attackers to cause a denial of service and possibly
    execute arbitrary code.


    Due to insufficient input validation it is possible for a remote
    attacker to bypass authentication or cause a denial of service.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.2-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.0-1.2.

We recommend that you upgrade your freeradius package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      897 56748d8bbc17aa4e7393b990eb74b3eb
      Size/MD5 checksum:    15630 20c245bcb697ed963fa5599fd64412fd
      Size/MD5 checksum:  1931715 422a004f2354b2a7364f5b683891a26a

  Architecture independent components:
      Size/MD5 checksum:   111708 ad56d19ec032f33dc7c80816176fdb33

  Alpha architecture:
      Size/MD5 checksum:  2234836 a9bfbf394a28e96c3a548f4c9cc6daf1
      Size/MD5 checksum:    54158 01356bafaa902def24608e4ff0f5234f
      Size/MD5 checksum:    54986 bee15f15d005285f827766f996c60ce4
      Size/MD5 checksum:   107460 56d7d0ee92185d08baac041d5997849f
      Size/MD5 checksum:    55930 f9b5543a03e90b5dff4657eb74c17e1d

  AMD64 architecture:
      Size/MD5 checksum:  1961200 87bf5381e4746425397e6315811aa202
      Size/MD5 checksum:    53024 c61df3f04a0f4022edf411bd98416ba6
      Size/MD5 checksum:    53786 e21e4a4f2073dd8ed6eb123432b45360
      Size/MD5 checksum:    99594 5090d67f5a4da97b097656608a570ba6
      Size/MD5 checksum:    54750 0431a87e678e805a6ef551dd8e5307aa

  ARM architecture:
      Size/MD5 checksum:  2034200 a78f3ddf85f1e71c32e9b86bbbbe8e85
      Size/MD5 checksum:    51194 7238cf725afbcaf03efab289cc6bd11b
      Size/MD5 checksum:    52600 9f16d186efe2c9ee581516d9263acd33
      Size/MD5 checksum:    96374 0e057ed9a937bcf2e6a0604434510bb4
      Size/MD5 checksum:    53186 4c11d61d72cdfba0ba4282f49955d727

  Intel IA-32 architecture:
      Size/MD5 checksum:  2028508 9be926753b1314b3e7453bcb36773c03
      Size/MD5 checksum:    51446 953e5b759545a6238bdccb91260e6f25
      Size/MD5 checksum:    52560 79302631d1252b0c5916f2c3659f0eb9
      Size/MD5 checksum:    97512 4bbd2b53a66a237ce910fcf147302637
      Size/MD5 checksum:    53282 2e067204ac8293570a8a177763afdcc3

  Intel IA-64 architecture:
      Size/MD5 checksum:  2375466 943bd9e40c1ffab804b453d8d6acc7f4
      Size/MD5 checksum:    53962 0cb36b4572da7058d92fe910d492c95f
      Size/MD5 checksum:    55154 f075e38a76ab13c658f7131721f4489b
      Size/MD5 checksum:   112832 a64d3649091a27afe04ca6cb4136f668
      Size/MD5 checksum:    56028 99aa443bc1fd14e50e50a507aeec0100

  HP Precision architecture:
      Size/MD5 checksum:  2039272 d016b1a80144623a6e6ee3adabad8ae8
      Size/MD5 checksum:    54602 ee33f588d756dd6196f79b1447f0aa8f
      Size/MD5 checksum:    56014 bb6ab35f1ad31b57a7bd19d071812693
      Size/MD5 checksum:   105438 7bd780bb55549c009ba25c59f07306a7
      Size/MD5 checksum:    56354 1cdfaf9766a45583c41573f53dc1947e

  Motorola 680x0 architecture:
      Size/MD5 checksum:  2017716 7e004414928552bd42e6824f45b09608
      Size/MD5 checksum:    52950 eb95df0d1973deff8557f8ef21af5789
      Size/MD5 checksum:    53954 531a9c1328415fedd7d258af62c822e6
      Size/MD5 checksum:    95190 adbb0a86dcfad99fb7d6ab2d327157cc
      Size/MD5 checksum:    54802 7b908b24521cb21174a13617434b376c

  Big endian MIPS architecture:
      Size/MD5 checksum:  2135574 4eb5a131e58807a2928130a1260a2dad
      Size/MD5 checksum:    53200 b5dd30dd319f8154ef914f773a0c1448
      Size/MD5 checksum:    53668 d7e9aad513740e93a52db17e902e5747
      Size/MD5 checksum:    97996 8bb100ed36fc455f73b667ec4bb4da7e
      Size/MD5 checksum:    55140 f6cdf24be5e60b91e61dce6280a02192

  Little endian MIPS architecture:
      Size/MD5 checksum:  2102240 86ab8809a4bef9538ea4c7693492ca3f
      Size/MD5 checksum:    52062 281530578f22e92c57ff60374000b0f3
      Size/MD5 checksum:    52400 df97212268ea91baad3ca2dfdc4c7fce
      Size/MD5 checksum:    96492 3d63745a6aaf6bbf32a9cb48582acdd7
      Size/MD5 checksum:    53936 9ded19b30c574fa280e54f246cf80749

  PowerPC architecture:
      Size/MD5 checksum:  2330602 3362429b3da2311b68d86ebfc07544ee
      Size/MD5 checksum:    58844 69224d3064f8a9b2f632c3a0035d61ca
      Size/MD5 checksum:    60056 ba48d26580793fe3963306e9408982c7
      Size/MD5 checksum:   108876 9ee35d9bba2ed802d84274b458f861be
      Size/MD5 checksum:    61222 cf3addbb9c8ff12ea10eea6f6dc8ea7d

  IBM S/390 architecture:
      Size/MD5 checksum:  2581854 d4ec31ca6d5a56a0276321aa6cd666e1
      Size/MD5 checksum:    65650 d568c8c65934c39f20a0a06424d06cb7
      Size/MD5 checksum:    66414 5c5883970226a543b1d4186676e56733
      Size/MD5 checksum:   122758 e5394b982f52d76fe7e06aa1b894724b
      Size/MD5 checksum:    68072 cdac845ff69647c86434cb0dca112b09

  Sun Sparc architecture:
      Size/MD5 checksum:  2080708 0ecadd00e7bd093d9c8a5684c066b62e
      Size/MD5 checksum:    52898 b0f8020da1f2ab6d29cbd587361f6831
      Size/MD5 checksum:    54004 98076e96d39bf98c15a220f2f1e13317
      Size/MD5 checksum:    98894 550cc64d2b5c0b6a4af33d669df6abc0
      Size/MD5 checksum:    54868 b18f2bfe5e3bd063a243f94d4060ab52

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":84.31,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":7.84,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":7.84,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.