Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0254 -- [RedHat] Important: freeradius security update 5 April 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: FreeRADIUS Publisher: Red Hat Operating System: Red Hat Enterprise Linux AS/ES 4 Red Hat Enterprise Linux AS/ES 3 Impact: Execute Arbitrary Code/Commands Inappropriate Access Denial of Service Access: Remote/Unauthenticated CVE Names: CVE-2006-4744 CVE-2006-1354 CVE-2005-4744 Ref: AA-2006.0022 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2006-0271.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: freeradius security update Advisory ID: RHSA-2006:0271-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0271.html Issue date: 2006-04-04 Updated on: 2006-04-04 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-1354 CVE-2005-4744 - - --------------------------------------------------------------------- 1. Summary: Updated freeradius packages that fix an authentication weakness are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 3. Problem description: FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network. A bug was found in the way FreeRADIUS authenticates users via the MSCHAP V2 protocol. It is possible for a remote attacker to authenticate as a victim by sending a malformed MSCHAP V2 login request to the FreeRADIUS server. (CVE-2006-1354) Please note that FreeRADIUS installations not using the MSCHAP V2 protocol for authentication are not vulnerable to this issue. A bug was also found in the way FreeRADIUS logs SQL errors from the sql_unixodbc module. It may be possible for an attacker to cause FreeRADIUS to crash or execute arbitrary code if they are able to manipulate the SQL database FreeRADIUS is connecting to. (CVE-2006-4744) Users of FreeRADIUS should update to these erratum packages, which contain backported patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 167676 - CVE-2005-4744 Multiple freeradius security issues 186083 - CVE-2006-1354 FreeRADIUS authentication bypass 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/freeradius-1.0.1-2.RHEL3.2.src.rpm bfc9e019ba3dd3ee67a4156ff37f467c freeradius-1.0.1-2.RHEL3.2.src.rpm i386: b4969ec213ec03c6fc693a1d84f2029c freeradius-1.0.1-2.RHEL3.2.i386.rpm a3b76846db699edcd0a00ce5723e3bfd freeradius-debuginfo-1.0.1-2.RHEL3.2.i386.rpm ia64: 734b8d8314d7bcd9fa122053bf1d495d freeradius-1.0.1-2.RHEL3.2.ia64.rpm 072278ec4c02c3994d318f24908d5694 freeradius-debuginfo-1.0.1-2.RHEL3.2.ia64.rpm ppc: 21188abdd2a98f81d806a29a77fea928 freeradius-1.0.1-2.RHEL3.2.ppc.rpm ca378b1cacd1fb47ceaff217a3625dad freeradius-debuginfo-1.0.1-2.RHEL3.2.ppc.rpm s390: 8429b0806d6e2baadca6ac94312dad8b freeradius-1.0.1-2.RHEL3.2.s390.rpm fed9502492f13e76f59d6c14d53fa315 freeradius-debuginfo-1.0.1-2.RHEL3.2.s390.rpm s390x: 0ac7a21d7bedba7d6b1cf63861a02e31 freeradius-1.0.1-2.RHEL3.2.s390x.rpm 28565d24dd125bc6accd5be4e3f37085 freeradius-debuginfo-1.0.1-2.RHEL3.2.s390x.rpm x86_64: 7eaf8db1f720773cf28479dd6f57fdb0 freeradius-1.0.1-2.RHEL3.2.x86_64.rpm c5159f20497806db6ec077c101487991 freeradius-debuginfo-1.0.1-2.RHEL3.2.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/freeradius-1.0.1-2.RHEL3.2.src.rpm bfc9e019ba3dd3ee67a4156ff37f467c freeradius-1.0.1-2.RHEL3.2.src.rpm i386: b4969ec213ec03c6fc693a1d84f2029c freeradius-1.0.1-2.RHEL3.2.i386.rpm a3b76846db699edcd0a00ce5723e3bfd freeradius-debuginfo-1.0.1-2.RHEL3.2.i386.rpm ia64: 734b8d8314d7bcd9fa122053bf1d495d freeradius-1.0.1-2.RHEL3.2.ia64.rpm 072278ec4c02c3994d318f24908d5694 freeradius-debuginfo-1.0.1-2.RHEL3.2.ia64.rpm x86_64: 7eaf8db1f720773cf28479dd6f57fdb0 freeradius-1.0.1-2.RHEL3.2.x86_64.rpm c5159f20497806db6ec077c101487991 freeradius-debuginfo-1.0.1-2.RHEL3.2.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.3.src.rpm c6917a0d98ac04e34db4294217a389fb freeradius-1.0.1-3.RHEL4.3.src.rpm i386: 1121b8e53033f5580889eaab5fbd822e freeradius-1.0.1-3.RHEL4.3.i386.rpm f81fc257899d8ed95396af67215ffbe3 freeradius-debuginfo-1.0.1-3.RHEL4.3.i386.rpm 6b1ed7b9c10178db478963f9b4b5986a freeradius-mysql-1.0.1-3.RHEL4.3.i386.rpm 791f052034f7a13f2b07f384e83795f2 freeradius-postgresql-1.0.1-3.RHEL4.3.i386.rpm 046fb51db100364dbe3dc856e7dca02c freeradius-unixODBC-1.0.1-3.RHEL4.3.i386.rpm ia64: 15db5d25efd4ecf030615ccf2552b04d freeradius-1.0.1-3.RHEL4.3.ia64.rpm b207735018793465ac84da5f47129835 freeradius-debuginfo-1.0.1-3.RHEL4.3.ia64.rpm 9fd7df598cffcfdc21012296d3e5eca9 freeradius-mysql-1.0.1-3.RHEL4.3.ia64.rpm 6e813082c69c2c494daa435767e54dbd freeradius-postgresql-1.0.1-3.RHEL4.3.ia64.rpm 8d1bcdc20817ac37be901cd2c7fe7088 freeradius-unixODBC-1.0.1-3.RHEL4.3.ia64.rpm ppc: 0a3d9b8f2d09b1b13259ea99acff91b7 freeradius-1.0.1-3.RHEL4.3.ppc.rpm bd962301995130ca480ce2a237704d47 freeradius-debuginfo-1.0.1-3.RHEL4.3.ppc.rpm e4a7578d745c69f656d8d840307c139f freeradius-mysql-1.0.1-3.RHEL4.3.ppc.rpm e45ba7af692792d8bc52db7e0f6e0deb freeradius-postgresql-1.0.1-3.RHEL4.3.ppc.rpm 9d693f9e452fd06d73aed9a1d5740ddf freeradius-unixODBC-1.0.1-3.RHEL4.3.ppc.rpm s390: cc607bb4dfb35128ed7bef2a74e40aa8 freeradius-1.0.1-3.RHEL4.3.s390.rpm da8f3b3085092c5b33a392247274b44f freeradius-debuginfo-1.0.1-3.RHEL4.3.s390.rpm 42b226f640a1a4224ef0c27bc7bf5527 freeradius-mysql-1.0.1-3.RHEL4.3.s390.rpm ebefbb200863e9bfeb775c7b104934cb freeradius-postgresql-1.0.1-3.RHEL4.3.s390.rpm 4b43bb86ba1d6dc6953bb6dc3d67a147 freeradius-unixODBC-1.0.1-3.RHEL4.3.s390.rpm s390x: 74d462262538062aad16e9d8cea6eb18 freeradius-1.0.1-3.RHEL4.3.s390x.rpm 6e8cba4d1d60d307987b742bc1cb194a freeradius-debuginfo-1.0.1-3.RHEL4.3.s390x.rpm a722d74a53facc3b431ec2ed55481b61 freeradius-mysql-1.0.1-3.RHEL4.3.s390x.rpm 53088f0fbfd0e9b9c1ccd7db0bcff0ad freeradius-postgresql-1.0.1-3.RHEL4.3.s390x.rpm 8b6856b542505d85320bf176beb623c9 freeradius-unixODBC-1.0.1-3.RHEL4.3.s390x.rpm x86_64: d04afcde9543c934bbb44b3a8cf1ad53 freeradius-1.0.1-3.RHEL4.3.x86_64.rpm c7013e94ad0e12263c8d7d97d0441fa6 freeradius-debuginfo-1.0.1-3.RHEL4.3.x86_64.rpm 9734492926441eddcd2740f1d19b537c freeradius-mysql-1.0.1-3.RHEL4.3.x86_64.rpm ab8051bbcb05c66af19e5a89a2349deb freeradius-postgresql-1.0.1-3.RHEL4.3.x86_64.rpm 400250cfddddc9e095d581e2ae87b789 freeradius-unixODBC-1.0.1-3.RHEL4.3.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freeradius-1.0.1-3.RHEL4.3.src.rpm c6917a0d98ac04e34db4294217a389fb freeradius-1.0.1-3.RHEL4.3.src.rpm i386: 1121b8e53033f5580889eaab5fbd822e freeradius-1.0.1-3.RHEL4.3.i386.rpm f81fc257899d8ed95396af67215ffbe3 freeradius-debuginfo-1.0.1-3.RHEL4.3.i386.rpm 6b1ed7b9c10178db478963f9b4b5986a freeradius-mysql-1.0.1-3.RHEL4.3.i386.rpm 791f052034f7a13f2b07f384e83795f2 freeradius-postgresql-1.0.1-3.RHEL4.3.i386.rpm 046fb51db100364dbe3dc856e7dca02c freeradius-unixODBC-1.0.1-3.RHEL4.3.i386.rpm ia64: 15db5d25efd4ecf030615ccf2552b04d freeradius-1.0.1-3.RHEL4.3.ia64.rpm b207735018793465ac84da5f47129835 freeradius-debuginfo-1.0.1-3.RHEL4.3.ia64.rpm 9fd7df598cffcfdc21012296d3e5eca9 freeradius-mysql-1.0.1-3.RHEL4.3.ia64.rpm 6e813082c69c2c494daa435767e54dbd freeradius-postgresql-1.0.1-3.RHEL4.3.ia64.rpm 8d1bcdc20817ac37be901cd2c7fe7088 freeradius-unixODBC-1.0.1-3.RHEL4.3.ia64.rpm x86_64: d04afcde9543c934bbb44b3a8cf1ad53 freeradius-1.0.1-3.RHEL4.3.x86_64.rpm c7013e94ad0e12263c8d7d97d0441fa6 freeradius-debuginfo-1.0.1-3.RHEL4.3.x86_64.rpm 9734492926441eddcd2740f1d19b537c freeradius-mysql-1.0.1-3.RHEL4.3.x86_64.rpm ab8051bbcb05c66af19e5a89a2349deb freeradius-postgresql-1.0.1-3.RHEL4.3.x86_64.rpm 400250cfddddc9e095d581e2ae87b789 freeradius-unixODBC-1.0.1-3.RHEL4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1354 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4744 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2006 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFEMjWzXlSAg2UNWIIRAgq6AJ9FOi1hITtqYCncgTcOMEi7pqlQTgCdGST3 Hz5FKSw7qDHTOySNiTCdlok= =lukq - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRDMGSyh9+71yA2DNAQJd9QQAnkm2SDdTQsH9XLDSwsCH4hMmGV/zrjPH 9iPPqgnSaoXt46uti+yORXGVOq8linDuavoJ1mmnfkna5vNZIfchkKREo3zZGat8 tLdVFUjc0AR598iHumoU0M47x1h6ByOREyJMZ/d1VisaEIeOg1cmu/ZHI4AdtzL+ ysknFUgx+qk= =IgSi -----END PGP SIGNATURE-----