CVE-2019-11235 – freeradius: eap-pwd: authentication bypass via an invalid curve attack
https://notcve.org/view.php?id=CVE-2019-11235
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en la curva que se está utilizando", alias "Dragonblood", este problema es similar a CVE-2019-9498 y CVE-2019-9499. A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695748 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2019-11234 – freeradius: eap-pwd: fake authentication using reflection
https://notcve.org/view.php?id=CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. FreeRADIUS antes de 3.0.19 no impide el uso de la reflexión para la autenticación de spoofing, también conocido como "Dragonblood", un problema similar al CVE-2019-9497. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695783 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-287: Improper Authentication •
CVE-2017-10983 – freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
https://notcve.org/view.php?id=CVE-2017-10983
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Un problema FR-GV-206 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite una "DHCP - Read overflow when decoding option 63" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99915 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10983 https://bugzilla.redhat.com/show_bug.cgi?id=1468503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2017-10978 – freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
https://notcve.org/view.php?id=CVE-2017-10978
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. Un problema FR-GV-201 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite un "Read / write overflow in make_secret()" y una denegación de servicio. An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99893 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10978 https://bugzilla.redhat.com/show_bug.cgi?id=1468487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2017-10986 – freeradius: Infinite read in dhcp_attr2vp()
https://notcve.org/view.php?id=CVE-2017-10986
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. Un problema FR-GV-303 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una "DHCP - Infinite read in dhcp_attr2vp()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99971 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10986 https://bugzilla.redhat.com/show_bug.cgi?id=1468551 • CWE-125: Out-of-bounds Read CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •