This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated FreeRADIUS packages are now available that fix a denial of
FreeRADIUS is an Internet authentication daemon, which implements the
RADIUS protocol. It allows Network Access Servers (NAS boxes) to
perform authentication for dial-up users.
The rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote
attackers to cause a denial of service (crash) via a short RADIUS
string attribute with a tag, which causes memcpy to be called with a
-1 length argument, as demonstrated using the Tunnel-Password
attribute. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0967 to this issue.
Users of FreeRADIUS are advised to upgrade to these erratum packages
containing FreeRADIUS 0.9.3 which is not vulnerable to these issues.
See also :
Update the affected freeradius package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12437 ()
CVE ID: CVE-2003-0967
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.