Oval Definition:oval:com.redhat.rhsa:def:20040609
Revision Date:2004-11-12Version:502
Title:RHSA-2004:609: freeradius security update (Moderate)
Description:FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An attacker who is able to send packets to the server could construct carefully constructed packets in such a way as to cause the server to consume memory or crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0938, CAN-2004-0960, and CAN-2004-0961 to these issues.

Users of FreeRADIUS should update to these erratum packages that contain FreeRADIUS 1.0.1, which is not vulnerable to these issues and also corrects a number of bugs.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0938
CVE-2004-0960
CVE-2004-0961
RHSA-2004:609-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • freeradius-mysql is earlier than 0:1.0.1-1.RHEL3
  • AND freeradius-mysql is signed with Red Hat master key
  • OR
  • freeradius-postgresql is earlier than 0:1.0.1-1.RHEL3
  • AND freeradius-postgresql is signed with Red Hat master key
  • OR
  • freeradius-unixODBC is earlier than 0:1.0.1-1.RHEL3
  • AND freeradius-unixODBC is signed with Red Hat master key
  • OR
  • freeradius is earlier than 0:1.0.1-1.RHEL3
  • AND freeradius is signed with Red Hat master key
    • BACK