漏洞信息详情

OpenBSD Radius认证绕过漏洞

漏洞简介

OpenBSD 3.2,3.5版本,以及可能还包括其他版本中的login_radius,没有核实RADIUS服务器发送的一个响应数据包的共享密钥,远程攻击者可以利用该漏洞通过骗取服务器答复的方式来绕过认证。

漏洞公告

Patches are available for OpenBSD 3.4 and 3.5. It is also reported that this issue is addressed in OpenBSD 3.6 and OpenBSD-current. F5 has released a patch and upgrades for BIG-IP and 3-DNS. Version 4.5.11 and 4.6.3 are not vulnerable to this issue. Contact the vendor to obtain fixes or upgrades. OpenBSD OpenBSD 3.5

OpenBSD OpenBSD 3.4

参考网址

来源: BID 名称: 11227 链接:http://www.securityfocus.com/bid/11227 来源: www.reseau.nl 链接:http://www.reseau.nl/advisories/0400-openbsd-radius.txt 来源: www.openbsd.org 链接:http://www.openbsd.org/errata35.html#radius 来源: SECUNIA 名称: 12617 链接:http://secunia.com/advisories/12617 来源: XF 名称: openbsd-radius-auth-bypass(17456) 链接:http://xforce.iss.net/xforce/xfdb/17456 来源: VULNWATCH 名称: 20040921 OpenBSD radius authentication vulnerability 链接:http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html 来源: OSVDB 名称: 10203 链接:http://www.osvdb.org/10203

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多