CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41859 – freeradius: Information leakage in EAP-PWD
https://notcve.org/view.php?id=CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. En freeradius, la función EAP-PWD Compute_password_element() filtra información sobre la contraseña, lo que permite a un atacante reducir sustancialmente el tamaño de un ataque de diccionario fuera de línea. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f https://access.redhat.com/security/cve/CVE-2022-41859 https://bugzilla.redhat.com/show_bug.cgi?id=2078483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41861 – freeradius: Crash on invalid abinary data
https://notcve.org/view.php?id=CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e https://access.redhat.com/security/cve/CVE-2022-41861 https://bugzilla.redhat.com/show_bug.cgi?id=2078487 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 2CVE-2019-10143 – freeradius: privilege escalation due to insecure logrotate configuration
https://notcve.org/view.php?id=CVE-2019-10143
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." ** EN DISPUTA **Se encontró que freeradius hasta la versión 3.0.19 incluyéndola, no configura correctamente el componente logrotate, lo que permite que un atacante local que ya tiene el control del usuario radiusd escale sus privilegios a root, engañando a logrotate para que escriba un archivo escribible en radiusd en un directorio normalmente inaccesible para el usuario radiusd. NOTA: el mantenedor de software upstream ha declarado que "simplemente no hay forma de que alguien obtenga privilegios a través de este supuesto problema" It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. FreeRadius versions 3.0.19 and below suffer from a privilege escalation vulnerability via insecure logrotate use. • http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Nov/14 https://access.redhat.com/errata/RHSA-2019:3353 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143 https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/pull/2666 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX https://lists.fedoraproject.org/archives/list/ • CWE-250: Execution with Unnecessary Privileges CWE-266: Incorrect Privilege Assignment CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-11235 – freeradius: eap-pwd: authentication bypass via an invalid curve attack
https://notcve.org/view.php?id=CVE-2019-11235
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en la curva que se está utilizando", alias "Dragonblood", este problema es similar a CVE-2019-9498 y CVE-2019-9499. A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695748 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11234 – freeradius: eap-pwd: fake authentication using reflection
https://notcve.org/view.php?id=CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. FreeRADIUS antes de 3.0.19 no impide el uso de la reflexión para la autenticación de spoofing, también conocido como "Dragonblood", un problema similar al CVE-2019-9497. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695783 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-287: Improper Authentication •