Bug#359042: diff for 1.1.0-1.2 NMU

Wed, 17 May 2006 13:07:28 -0700 

Package: freeradius
Version: 1.1.0-1.1
Severity: normal
Tags: patch

Hi,

Attached is the diff for my freeradius 1.1.0-1.2 NMU.  I plan to upload
shortly.

Thanks,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

diff -Nru /tmp/X4MUTpZG5l/freeradius-1.1.0/debian/changelog 
/tmp/AXRhRwNWmO/freeradius-1.1.0/debian/changelog
--- /tmp/X4MUTpZG5l/freeradius-1.1.0/debian/changelog   2006-05-17 
12:54:42.000000000 -0500
+++ /tmp/AXRhRwNWmO/freeradius-1.1.0/debian/changelog   2006-05-17 
12:54:43.000000000 -0500
@@ -1,3 +1,14 @@
+freeradius (1.1.0-1.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * [ CVE-2006-1354 ]: 
+    src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
+    Due to insufficient input validation it is possible for a remote
+    attacker to bypass authentication or cause a denial of service.
+    (closes: #359042)
+
+ -- steve <[EMAIL PROTECTED]>  Wed, 17 May 2006 11:22:28 -0500
+
 freeradius (1.1.0-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru /tmp/X4MUTpZG5l/freeradius-1.1.0/debian/patches/00list 
/tmp/AXRhRwNWmO/freeradius-1.1.0/debian/patches/00list
--- /tmp/X4MUTpZG5l/freeradius-1.1.0/debian/patches/00list      2006-05-17 
12:54:42.000000000 -0500
+++ /tmp/AXRhRwNWmO/freeradius-1.1.0/debian/patches/00list      2006-05-17 
12:54:43.000000000 -0500
@@ -4,3 +4,4 @@
 12_more_dialup_admin_various_fixes.dpatch
 13_a_libtool14_to_call_your_own.dpatch
 14_broken_parse.dpatch
+15_CVE-2006-1354.dpatch
diff -Nru 
/tmp/X4MUTpZG5l/freeradius-1.1.0/debian/patches/15_CVE-2006-1354.dpatch 
/tmp/AXRhRwNWmO/freeradius-1.1.0/debian/patches/15_CVE-2006-1354.dpatch
--- /tmp/X4MUTpZG5l/freeradius-1.1.0/debian/patches/15_CVE-2006-1354.dpatch     
1969-12-31 18:00:00.000000000 -0600
+++ /tmp/AXRhRwNWmO/freeradius-1.1.0/debian/patches/15_CVE-2006-1354.dpatch     
2006-05-17 12:54:43.000000000 -0500
@@ -0,0 +1,23 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 15_CVE-2006-1354.dpatch by  <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: MSCHAP vuln
+
[EMAIL PROTECTED]@
+
+--- 
freeradius-1.1.0/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c.old
 2006-05-17 12:41:18.000000000 -0500
++++ 
freeradius-1.1.0/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c  
   2006-05-17 12:41:45.000000000 -0500
+@@ -449,6 +449,12 @@
+               break;
+ 
+       case PW_EAP_MSCHAPV2_SUCCESS:
++               if (data->code != PW_EAP_MSCHAPV2_SUCCESS) {
++                       radlog(L_ERR, "rlm_eap_mschapv2: Unexpected success 
received");
++                       return 0;
++               }
++
++
+               /*
+                *      It's a success.  Don't proxy it.
+                */

Reply via email to