freeradius-1.1.3-1.5AXS3
エラータID: AXSA:2009-401:02
リリース日:
2009/09/27 Sunday - 19:48
題名:
freeradius-1.1.3-1.5AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- FreeRADIUS の rad_decode 関数には、リモートの攻撃者が長さが 0 のトンネルパスワード属性によって、サービス拒否 (radiusd のクラッシュ) を引き起こす脆弱性があります。(CVE-2009-3111)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-3111
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
追加情報:
N/A
ダウンロード:
SRPMS
- freeradius-1.1.3-1.5AXS3.src.rpm
MD5: 7855785bdf2b92a24461fe2308854723
SHA-256: 660dbba18e34210e04a700ee8db48f26f87208479826a864782cafc36f6b1b3f
Size: 1.93 MB
Asianux Server 3 for x86
- freeradius-1.1.3-1.5AXS3.i386.rpm
MD5: 4e3c9001bf91870d0e1450476d5d956f
SHA-256: e0baedd6c6ec8d44aff5fee7f9fc295c9e6284d288af39523976d3eeac40eefe
Size: 1.15 MB - freeradius-mysql-1.1.3-1.5AXS3.i386.rpm
MD5: fdb7821d4a65115df79a0b86a1b6af0d
SHA-256: 629f0d2de92c39e3d45150fa7cb3d5ece4ddc6fb047758642217e26bf6955f73
Size: 15.98 kB - freeradius-postgresql-1.1.3-1.5AXS3.i386.rpm
MD5: 074e6440ddd0a74d61fe21e25020198b
SHA-256: 4744ae1a4988244ceaef2fac1a5bed77c8d68979c494d40b1c11c5f41604ce05
Size: 15.97 kB - freeradius-unixODBC-1.1.3-1.5AXS3.i386.rpm
MD5: e697eed9a4914736a80068e07759bbb7
SHA-256: 966052fc5b2a7342e9fe4bcac65e7a0c947d13672351b50a3c3542cfe0790629
Size: 15.40 kB
Asianux Server 3 for x86_64
- freeradius-1.1.3-1.5AXS3.x86_64.rpm
MD5: c3590a10b2c3b6bb5b48b83adc707878
SHA-256: 85367d67bbc4ea55b31bd7e58aaf444b6fb740857026d07eb4cc1fda6425dcb6
Size: 1.16 MB - freeradius-mysql-1.1.3-1.5AXS3.x86_64.rpm
MD5: 86afec26e848c7f94cd68a485f3e3cec
SHA-256: 9d672155d15f2d8ab884109917e8db468b180b1bf3e15711c91bfea9aea0fa33
Size: 15.97 kB - freeradius-postgresql-1.1.3-1.5AXS3.x86_64.rpm
MD5: ce6dd3413a8c6768a8006cf63fafb372
SHA-256: 0317c9c3ea3f1ed48a7a586df3c9c23870085b378c0a46eddd6011991ec9337c
Size: 16.06 kB - freeradius-unixODBC-1.1.3-1.5AXS3.x86_64.rpm
MD5: ef4da1ad6ec7a62db4f329d6a0c81d87
SHA-256: 24252ec1abfbed569c30d79c561c0b1128355eb764c1dc14095f8d5fd916f7f4
Size: 15.53 kB