CVE-2006-1354

Severity

75%

Complexity

99%

Confidentiality

106%

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

FreeRADIUS

First reported 18 years ago

2006-03-22 02:02:00

Last updated 7 years ago

2017-10-11 01:30:00

Affected Software

FreeRADIUS 1.0.0

1.0.0

FreeRADIUS 1.0.1

1.0.1

FreeRADIUS 1.0.2

1.0.2

FreeRADIUS 1.0.3

1.0.3

FreeRADIUS 1.0.4

1.0.4

FreeRADIUS 1.0.5

1.0.5

FreeRADIUS 1.1.0

1.1.0

References

20060404-01-U

SUSE-SA:2006:019

RHSA-2006:0271

19300

Patch, Vendor Advisory

19405

19518

19527

19811

20461

1015795

DSA-1089

http://www.freeradius.org/security.html

GLSA-200604-03

MDKSA-2006:060

17171

2006-0020

ADV-2006-1016

freeradius-eap-mschapv2-auth-bypass(25352)

oval:org.mitre.oval:def:10156

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.