RHEL 3 : freeradius (RHSA-2004:609)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated freeradius packages that fix a number of denial of service
vulnerabilities as well as minor bugs are now available for Red Hat
Enterprise Linux 3.

FreeRADIUS is a high-performance and highly configurable free RADIUS
server designed to allow centralized authentication and authorization
for a network.

A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An
attacker who is able to send packets to the server could construct
carefully constructed packets in such a way as to cause the server to
consume memory or crash. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CVE-2004-0938,
CVE-2004-0960, and CVE-2004-0961 to these issues.

Users of FreeRADIUS should update to these erratum packages that
contain FreeRADIUS 1.0.1, which is not vulnerable to these issues and
also corrects a number of bugs.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0938.html
https://www.redhat.com/security/data/cve/CVE-2004-0960.html
https://www.redhat.com/security/data/cve/CVE-2004-0961.html
http://rhn.redhat.com/errata/RHSA-2004-609.html

Solution :

Update the affected freeradius package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 15701 ()

Bugtraq ID:

CVE ID: CVE-2004-0938
CVE-2004-0960
CVE-2004-0961