Re: [SECURITY] [DSA 1089-1] New freeradius packages fix arbitrary code execution
On Sat, Jun 03, 2006 at 02:27:36PM +0200, Martin Schulze wrote:
> Debian Security Advisory DSA 1089-1                    security@debian.org
> - --------------------------------------------------------------------------
> 
> CVE-2005-4744
> 
>     SuSE researchers have discovered several off-by-one errors may
>     allow remote attackers to cause a denial of service and possibly
>     execute arbitrary code.
> 
> CVE-2006-1354
> 
>     Due to insufficient input validation it is possible for a remote
>     attacker to bypass authentication or cause a denial of service.
It would have been helpful to explain the impact a bit. One bug is in the
SQL backend, and another in EAP-MSCHAPv2. For people who don't use these
features (and don't have them enabled), the advisory isn't so urgent.
-- 
     2. That which causes joy or happiness.