CVSS: 7.5EPSS: 2%CPEs: 30EXPL: 0CVE-2017-10982 – freeradius: Out-of-bounds read in fr_dhcp_decode_options()
https://notcve.org/view.php?id=CVE-2017-10982
17 Jul 2017 — An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Buffer over-read in fr_dhcp_decode_options()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request... • http://freeradius.org/security/fuzzer-2017.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 45EXPL: 0CVE-2017-10983 – freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
https://notcve.org/view.php?id=CVE-2017-10983
17 Jul 2017 — An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Un problema FR-GV-206 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite una "DHCP - Read overflow when decoding option 63" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by ... • http://freeradius.org/security/fuzzer-2017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2014-2015 – freeradius: stack-based buffer overflow flaw in rlm_pap module
https://notcve.org/view.php?id=CVE-2014-2015
26 Feb 2014 — Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. Desbordamiento de buffer basado en pila en la función normify en el módulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, po... • http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2011-4966 – freeradius: does not respect expired passwords when using the unix module
https://notcve.org/view.php?id=CVE-2011-4966
12 Mar 2013 — modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente valida... • http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4474
https://notcve.org/view.php?id=CVE-2008-4474
07 Oct 2008 — freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. freeradius-dialupadmin en freeradius 2.0.4 permite a los usuario locales sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal en (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, y (5) truncate_rada... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •