CVE-2011-4966 – freeradius: does not respect expired passwords when using the unix module
https://notcve.org/view.php?id=CVE-2011-4966
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente validarse mediante una contraseña caducada. • http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html http://rhn.redhat.com/errata/RHBA-2012-0881.html http://rhn.redhat.com/errata/RHSA-2013-0134.html https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605 https://access.redhat.com/security/cve/CVE-2011-4966 https://bugzilla.redhat.com/show_bug.cgi?id=879045 • CWE-255: Credentials Management Errors •
CVE-2009-3111 – FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service
https://notcve.org/view.php?id=CVE-2009-3111
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. La función rad_decode FreeRADIUS anterior a v1.1.8, permite a atacantes remotos provocar una denegación de servicio (caída de radiusd) a través de los atributos zero-length Tunnel-Password. NOTA: esto es una regresión al error relacionado con el CVE-2003-0967. • https://www.exploit-db.com/exploits/9642 http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 http://intevydis.com/vd-list.shtml http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://secunia.com/advisories/36509 http://support.apple.com/kb/HT3937 http://www.openwall.com/lists/oss-secu •
CVE-2007-2028
https://notcve.org/view.php?id=CVE-2007-2028
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. Filtración de memoria en freeRADIUS 1.1.5 y anteriores permite a atacantes remotos provocar denegación de servicio (consumo de memoria) a través de un gran número de conexiones de tunel de EAP-TTLS utilizando atributos de formato mal formado de Diameter, lo cual hace que la respuesta de validación sea rechazada pero no recupera la estructura de datos VALUE_PAIR. • http://rhn.redhat.com/errata/RHSA-2007-0338.html http://secunia.com/advisories/24849 http://secunia.com/advisories/24907 http://secunia.com/advisories/24917 http://secunia.com/advisories/24996 http://secunia.com/advisories/25201 http://secunia.com/advisories/25220 http://security.gentoo.org/glsa/glsa-200704-14.xml http://www.freeradius.org/security.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:085 http://www.novell.com/linux/security/advisories/2007_10_ •
CVE-2007-0080
https://notcve.org/view.php?id=CVE-2007-0080
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute ** DISPUTADA** Desbordamiento de búfer en la función SMB_Connect_Server en FreeRadius 1.1.3 y anteriores permite a un atacante remoto ejecutar código arbitrario relacionado con el campo de servidor desthost de una instancia SMB_Handle_Type. NOTA: el impacto de este asunto ha sido disputado por una tercera parte fiable, que dice que la explotación se límita 'exclusivamente a administradores locales que tienen acceso de escritura a los ficheros de configuración de servidores'. CVE está de acuerdo con la disputa. • http://osvdb.org/32082 http://securitytracker.com/id?1017463 http://www.attrition.org/pipermail/vim/2007-February/001304.html http://www.freeradius.org/security.html http://www.securityfocus.com/archive/1/455678/100/0/threaded http://www.securityfocus.com/archive/1/455812/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/31248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-0938
https://notcve.org/view.php?id=CVE-2004-0938
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. FreeRADIUS anteriores a 1.0.1 permite a atacantes remotos causar una denegación de servicio (caída del servidor) enviando un atributo Ascend-Send-Secret sin el paquete de encabezado requerido. • http://security.gentoo.org/glsa/glsa-200409-29.xml http://www.kb.cert.org/vuls/id/541574 http://www.osvdb.org/10178 http://www.securityfocus.com/bid/11222 https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347 https://access.redhat.com/security/cve/CVE-2004-0938 https://bugzilla.redhat.com/show_bug •