FreeRADIUS Input Validation Error in EAP-MSCHAPv2 Module May Let Remote Users Bypass Authentication
|
|
SecurityTracker Alert ID: 1015795
|
|
SecurityTracker URL: http://securitytracker.com/id?1015795
|
|
CVE Reference: CVE-2006-1354
(Links to External Site)
|
|
OSVDB Reference: 24025
(Links to External Site)
|
Updated: Apr 4 2006
|
Original Entry Date: Mar 21 2006
|
Impact: Denial of service via network, Host/resource access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.0.0 - 1.1.0
|
Description: A vulnerability was reported in FreeRADIUS. A remote user may be able to bypass authentication checks.
The EAP-MSCHAPv2 module state machine does not properly validate user-supplied input. A remote user may be able to modify their
EAP-MSCHAPv2 client state machine to cause the target server to bypass authentication checks. This may also cause the target server
to crash.
|
Impact: A remote user may be able to bypass authentication checks.
A remote user may also be able to cause the target service to crash.
|
Solution: The vendor has issued a fixed version (1.1.1), available at:
http://www.freeradius.org/getting.html
|
Vendor URL: www.freeradius.org/ (Links to External Site)
|
Cause: Authentication error, Input validation error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 21 Mar 2006 01:29:33 -0500
Subject: FreeRADIUS vulnerability
|
2005.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the EAP-MSCHAPv2 module
in all versions from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient
input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker
could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the
server to bypass authentication checks. This bypassing could also result in the server
crashing. We recommend that administrators upgrade immediately.
|
|
