Re: [SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution
On Sat, Jun 03, 2006 at 02:27:36PM +0200, Martin Schulze wrote:
> Debian Security Advisory DSA 1089-1 security@debian.org
> - --------------------------------------------------------------------------
>
> CVE-2005-4744
>
> SuSE researchers have discovered several off-by-one errors may
> allow remote attackers to cause a denial of service and possibly
> execute arbitrary code.
>
> CVE-2006-1354
>
> Due to insufficient input validation it is possible for a remote
> attacker to bypass authentication or cause a denial of service.

It would have been helpful to explain the impact a bit. One bug is in the
SQL backend, and another in EAP-MSCHAPv2. For people who don't use these
features (and don't have them enabled), the advisory isn't so urgent.
--
2. That which causes joy or happiness.