Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:060: freeradius Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the freeradius package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:060 (freeradius).
An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote
attackers to bypass authentication or cause a denial of service (server crash)
via 'Insufficient input validation' in the EAP-MSCHAPv2 state machine module.
Updated packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:060
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.