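Vulnerability Details
OpenBSD Radius Authentication Bypass Vulnerability
- CNNVD ID: CNNVD-200412-796
- Severity: High
- CVE ID: CVE-2004-2163
- Vulnerability type: Design error
- Published: 2004-12-31
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: openbsd
- Vulnerability source: This issue was dis…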
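Vulnerability Summary
login_radius in OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret of a response packet sent by the RADIUS server. A remote attacker can exploit this to bypass authentication by spoofing the server's reply.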
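The check the summary says was missing, as an added example (not OpenBSD's patch code): per RFC 2865, a RADIUS client recomputes the Response Authenticator as MD5(Code + ID + Length + Request Authenticator + Attributes + shared secret) and rejects any reply that does not match. The function names, the secret and both packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS code from RFC 2865


def build_response(code, ident, request_auth, attributes, secret):
    """What a legitimate server does: sign the reply with the shared secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    digest = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + digest + attributes


def verify_response(packet, ident, request_auth, secret):
    """Return the RADIUS code if the reply is authentic, else None."""
    if len(packet) < 20:
        return None                   # shorter than a RADIUS header
    code, resp_id, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or resp_id != ident:
        return None                   # malformed, or not a reply to our request
    packet = packet[:length]          # ignore padding past Length
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret
    ).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                   # not produced with the shared secret
    return code


# Constructed sample values (not from the advisory).
SECRET = b"example-shared-secret"
REQ_ID = 0x2A
REQ_AUTH = bytes(range(16))           # authenticator sent in the Access-Request

GENUINE = build_response(ACCESS_ACCEPT, REQ_ID, REQ_AUTH, b"", SECRET)
# A reply built without the secret: right code and ID, arbitrary authenticator.
UNSIGNED = struct.pack("!BBH", ACCESS_ACCEPT, REQ_ID, 20) + b"\x00" * 16

if __name__ == "__main__":
    print(verify_response(GENUINE, REQ_ID, REQ_AUTH, SECRET))
    print(verify_response(UNSIGNED, REQ_ID, REQ_AUTH, SECRET))
```

A client that acts on the Code field without this comparison accepts the second packet as a successful login.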
Vulnerability Advisory
Patches are available for OpenBSD 3.4 and 3.5. It is also reported that this issue is addressed in OpenBSD 3.6 and OpenBSD-current.
F5 has released a patch and upgrades for BIG-IP and 3-DNS. Version 4.5.11 and 4.6.3 are not vulnerable to this issue. Contact the vendor to obtain fixes or upgrades.
OpenBSD OpenBSD 3.5
-
OpenBSD 020_radius.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/020_radius.patch
OpenBSD OpenBSD 3.4
-
OpenBSD 031_radius.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/031_radius.patch
References
Source: BID
Name: 11227
Link: http://www.securityfocus.com/bid/11227
Source: www.reseau.nl
Link: http://www.reseau.nl/advisories/0400-openbsd-radius.txt
Source: www.openbsd.org
Link: http://www.openbsd.org/errata35.html#radius
Source: SECUNIA
Name: 12617
Link: http://secunia.com/advisories/12617
Source: XF
Name: openbsd-radius-auth-bypass(17456)
Link: http://xforce.iss.net/xforce/xfdb/17456
Source: VULNWATCH
Name: 20040921 OpenBSD radius authentication vulnerability
Link: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
Source: OSVDB
Name: 10203
Link: http://www.osvdb.org/10203