Vulnerability-Lookup

CERTA-2005-AVI-170

Vulnerability from certfr_avis - Published: 2005-05-23 - Updated: 2005-06-24

Une vulnérabilité a été découverte dans FreeRADIUS.

Description

FreeRADIUS est une mise en oeuvre libre d'un serveur d'authentification RADIUS. Une vulnérabilité de type débordement de tampon a été découverte dans FreeRADIUS. Celle-ci permet à un utilisateur mal intentionné, par le biais d'une requête malicieusement construite d'effectuer un déni de service.

Solution

La dernière version « cvs » disponible corrige le problème :

ftp://ftp.freeradius.org/pub/radius/CVS-snapshots

FreeRADIUS versions 1.0.2 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité de Gentoo GLSA 200505-13 / freeradius	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2005:524 du 23 juin 2005 :	-	other
Bulletin de sécurité VuXML sur FreeBSD du 22 mai 2005 :	-	other
Bulletin de sécurité SUSE SUSE-SR:2005:014 du 07 juin 2005 :	-	other
Référence CVE CAN-2005-1455 :	-	other
Bulletin de sécurité Gentoo GLSA 200505-13 du 17 mai 2005 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eFreeRADIUS\u003c/TT\u003e versions 1.0.2 et  ant\u00e9rieures.",
  "content": "## Description\n\nFreeRADIUS est une mise en oeuvre libre d\u0027un serveur d\u0027authentification\nRADIUS. Une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de tampon a \u00e9t\u00e9 d\u00e9couverte\ndans FreeRADIUS. Celle-ci permet \u00e0 un utilisateur mal intentionn\u00e9, par\nle biais d\u0027une requ\u00eate malicieusement construite d\u0027effectuer un d\u00e9ni de\nservice.\n\n## Solution\n\nLa derni\u00e8re version \u00ab cvs \u00bb disponible corrige le probl\u00e8me :\n\n    ftp://ftp.freeradius.org/pub/radius/CVS-snapshots\n",
  "cves": [],
  "initial_release_date": "2005-05-23T00:00:00",
  "last_revision_date": "2005-06-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2005:524 du 23 juin 2005    :",
      "url": "https://rhn.redhat.com/errata/RHSA-2005-524.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VuXML sur FreeBSD du 22 mai 2005 :",
      "url": "http://www.vuxml.org/freebsd/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2005:014 du 07 juin 2005    :",
      "url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CAN-2005-1455 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1455"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200505-13 du 17 mai 2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"
    }
  ],
  "reference": "CERTA-2005-AVI-170",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2005-05-23T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin VuXML sur FreeBSD du 22 mai 2005.",
      "revision_date": "2005-06-03T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin SUSE SUSE-SR:2005:014. Ajout r\u00e9f\u00e9rence CVE.",
      "revision_date": "2005-06-08T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin Red Hat RHSA-2005:524.",
      "revision_date": "2005-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans FreeRADIUS.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans FreeRADIUS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 de Gentoo GLSA 200505-13 / freeradius",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted