The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation issue which causes some authentication checks to be bypassed.
Package | net-dialup/freeradius on all architectures |
---|---|
Affected versions | < 1.1.1 |
Unaffected versions | >= 1.1.1 < 1.0.0 |
FreeRADIUS is an open source RADIUS authentication server implementation.
FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine.
An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 client state machine.
There is no known workaround at this time.
All FreeRADIUS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.1"
Release date
April 04, 2006
Latest revision
April 04, 2006: 01
Severity
normal
Exploitable
remote
Bugzilla entries