CVE-2006-1354

Published: 22 March 2006

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

Priority

Status

Package	Release	Status
freeradius Launchpad, Ubuntu, Debian	dapper	Released (1.1.0-1ubuntu2.1)
	edgy	Not vulnerable
	feisty	Not vulnerable
	gutsy	Not vulnerable
	upstream	Released (1.1.1)

References

https://www.cve.org/CVERecord?id=CVE-2006-1354
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/164000

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›