Opened 12 years ago

Closed 12 years ago

#487 closed defect (fixed)

Freeradius 1.1.1 is available

Reported by: anonymous Owned by: florian
Priority: high Milestone: 0.9/rc6
Component: packages Version:
Keywords: Cc:


Hello, the version of freeradius in whiterussion is 1.0.5 and I read on the official site of freeradius this:

2006.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the EAP-MSCHAPv2 module in all versions from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing. We recommend that administrators upgrade immediately.


Attachments (0)

Change History (2)

comment:1 Changed 12 years ago by florian

  • Owner changed from developers to florian
  • Status changed from new to assigned

comment:2 Changed 12 years ago by nico

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in [3830]. Updated packages are available for WhiteRussian RC5 in the backports repository.

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.