CVSS: 7.5EPSS: 2%CPEs: 30EXPL: 0CVE-2017-10982 – freeradius: Out-of-bounds read in fr_dhcp_decode_options()
https://notcve.org/view.php?id=CVE-2017-10982
17 Jul 2017 — An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Buffer over-read in fr_dhcp_decode_options()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request... • http://freeradius.org/security/fuzzer-2017.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 45EXPL: 0CVE-2017-10983 – freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
https://notcve.org/view.php?id=CVE-2017-10983
17 Jul 2017 — An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Un problema FR-GV-206 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite una "DHCP - Read overflow when decoding option 63" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by ... • http://freeradius.org/security/fuzzer-2017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2017-9148 – freeradius: TLS resumption authentication bypass
https://notcve.org/view.php?id=CVE-2017-9148
29 May 2017 — The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. La caché de una sesión TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir d... • http://freeradius.org/security.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2015-4680 – FreeRADIUS Insufficient CRL Application
https://notcve.org/view.php?id=CVE-2015-4680
23 Jun 2015 — FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. FreeRADIUS 2.2.x en versiones anteriores a 2.2.8 y 3.0.x en versiones anteriores a 3.0.9 no comprueba adecuadamente la revocación de certificados CA intermedios. The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore... • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2014-2015 – freeradius: stack-based buffer overflow flaw in rlm_pap module
https://notcve.org/view.php?id=CVE-2014-2015
26 Feb 2014 — Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. Desbordamiento de buffer basado en pila en la función normify en el módulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, po... • http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2011-4966 – freeradius: does not respect expired passwords when using the unix module
https://notcve.org/view.php?id=CVE-2011-4966
12 Mar 2013 — modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente valida... • http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 21%CPEs: 3EXPL: 0CVE-2012-3547 – freeradius: stack-based buffer overflow via long expiration date fields in client X509 certificates
https://notcve.org/view.php?id=CVE-2012-3547
18 Sep 2012 — Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. Desbordamiento de búfer basado en pila en la función cbtls_verify en FreeRADIUS v2.1.10 hasta la v2.1.12, cuando se usan los métodos TLS-based EAP, permite a atacantes remotos provocar una denegación de servicio (caída del... • http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2701 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2011-2701
04 Aug 2011 — The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. La función ocsp_check de rlm_eap_tls.c de FreeRADIUS 2.1.11, si OCSP está habilitado, no analiza correctamente la sintaxis ("parse") de las respuestas de los agentes transmisores OCSP, lo que permite a atacantes remotos evitar la autenticación usa... • http://secunia.com/advisories/45425 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3696 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2010-3696
07 Oct 2010 — The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information. La función fr_dhcp_decode en lib/dhcp.c en FreeRADIUS v2.1.9, en determinadas compilaciones (no por defecto), no maneja adecuadamente la opc... • http://freeradius.org/press/index.html#2.1.10 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-3697 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2010-3697
07 Oct 2010 — The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests. La función wait_for_child_to_die en main/event.c en FreeRADIUS v2.1.x anterior a v2.1.10, en determinadas ocaciones genera cortes en la base de datos al no controlar correctamente los tiempos largos de la co... • http://freeradius.org/press/index.html#2.1.10 • CWE-399: Resource Management Errors •