Page 3 of 37 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Buffer over-read in fr_dhcp_decode_options()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99912 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10982 https://bugzilla.redhat.com/show_bug.cgi?id=1468498 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Un problema FR-GV-204 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in fr_dhcp_decode()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99898 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10981 https://bugzilla.redhat.com/show_bug.cgi?id=1468495 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. La caché de una sesión TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir de manera fiable la reanudación de una sesión no autenticada, que permite a los atacantes remotos (como requirentes maliciosos 802.1X) para omitir la autenticación por medio de PEAP o TTLS. An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. • http://freeradius.org/security.html http://seclists.org/oss-sec/2017/q2/422 http://www.securityfocus.com/bid/98734 http://www.securitytracker.com/id/1038576 https://access.redhat.com/errata/RHSA-2017:1581 https://security.gentoo.org/glsa/201706-27 https://access.redhat.com/security/cve/CVE-2017-9148 https://bugzilla.redhat.com/show_bug.cgi?id=1456697 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. FreeRADIUS 2.2.x en versiones anteriores a 2.2.8 y 3.0.x en versiones anteriores a 3.0.9 no comprueba adecuadamente la revocación de certificados CA intermedios. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html http://www.ocert.org/advisories/ocert-2015-008.html http://www.securityfocus.com/archive/1/535810/100/0/threaded http://www.securityfocus.com/bid/75327 http://www.securitytracker.com/id/1032690 https://bugzilla.redhat.com/show_bug.cgi?id=1234975 • CWE-295: Improper Certificate Validation •

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. Desbordamiento de buffer basado en pila en la función normify en el módulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, posiblemente 3.0.1 y anteriores, podría permitir a atacantes causar una denagción de servicio (caída) y posiblemente ejecutar código arbitrario a través de un hash de contraseña largo, tal y como fue demostrado por un hash SSHA. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. • http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html http://rhn.redhat.com/errata/RHSA-2015-1287.html http://ubuntu.com/usn/usn-2122-1 http://www.openwall.com/lists/oss-security/2014/02/18/3 http://www.securityfocus.com/bid/65581 https://bugzilla.redhat.com/show_bug.cgi?id=1066761 https://acce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •