CVE-2006-1354 | Vulnerability Database | Aqua Security

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via Insufficient input validation in the EAP-MSCHAPv2 state machine module.

Affected Software

Name	Vendor	Start Version	End Version
Freeradius	Freeradius	1.0.0 (including)	1.0.0 (including)
Freeradius	Freeradius	1.0.1 (including)	1.0.1 (including)
Freeradius	Freeradius	1.0.2 (including)	1.0.2 (including)
Freeradius	Freeradius	1.0.3 (including)	1.0.3 (including)
Freeradius	Freeradius	1.0.4 (including)	1.0.4 (including)
Freeradius	Freeradius	1.0.5 (including)	1.0.5 (including)
Freeradius	Freeradius	1.1.0 (including)	1.1.0 (including)
Red Hat Enterprise Linux 3	RedHat	freeradius-0:1.0.1-2.RHEL3.2	*
Red Hat Enterprise Linux 4	RedHat	freeradius-0:1.0.1-3.RHEL4.3	*
Freeradius	Ubuntu	dapper	*
Freeradius	Ubuntu	upstream	*

References

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html
http://rhn.redhat.com/errata/RHSA-2006-0271.html
http://secunia.com/advisories/19300
http://secunia.com/advisories/19405
http://secunia.com/advisories/19518
http://secunia.com/advisories/19527
http://secunia.com/advisories/19811
http://secunia.com/advisories/20461
http://securitytracker.com/id?1015795
http://www.debian.org/security/2006/dsa-1089
http://www.freeradius.org/security.html
http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:060
http://www.securityfocus.com/bid/17171
http://www.trustix.org/errata/2006/0020
http://www.vupen.com/english/advisories/2006/1016
https://exchange.xforce.ibmcloud.com/vulnerabilities/25352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1354
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html