CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8763
https://notcve.org/view.php?id=CVE-2015-8763
27 Mar 2017 — The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. El módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8 permite a atacantes remotos tener un impacto no especificado a través (1) commit o (2) confirmar mensaje, lo que desencadena una lectura fuera de límites. • http://freeradius.org/security.html#eap-pwd-2015 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8764
https://notcve.org/view.php?id=CVE-2015-8764
27 Mar 2017 — Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Error por un paso en el módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8, lo que desencadena un desbordamiento de búfer. • http://freeradius.org/security.html#eap-pwd-2015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2015-4680 – FreeRADIUS Insufficient CRL Application
https://notcve.org/view.php?id=CVE-2015-4680
23 Jun 2015 — FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. FreeRADIUS 2.2.x en versiones anteriores a 2.2.8 y 3.0.x en versiones anteriores a 3.0.9 no comprueba adecuadamente la revocación de certificados CA intermedios. The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore... • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2014-2015 – freeradius: stack-based buffer overflow flaw in rlm_pap module
https://notcve.org/view.php?id=CVE-2014-2015
26 Feb 2014 — Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. Desbordamiento de buffer basado en pila en la función normify en el módulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, po... • http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2011-4966 – freeradius: does not respect expired passwords when using the unix module
https://notcve.org/view.php?id=CVE-2011-4966
12 Mar 2013 — modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente valida... • http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 21%CPEs: 3EXPL: 0CVE-2012-3547 – freeradius: stack-based buffer overflow via long expiration date fields in client X509 certificates
https://notcve.org/view.php?id=CVE-2012-3547
18 Sep 2012 — Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. Desbordamiento de búfer basado en pila en la función cbtls_verify en FreeRADIUS v2.1.10 hasta la v2.1.12, cuando se usan los métodos TLS-based EAP, permite a atacantes remotos provocar una denegación de servicio (caída del... • http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2701 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2011-2701
04 Aug 2011 — The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. La función ocsp_check de rlm_eap_tls.c de FreeRADIUS 2.1.11, si OCSP está habilitado, no analiza correctamente la sintaxis ("parse") de las respuestas de los agentes transmisores OCSP, lo que permite a atacantes remotos evitar la autenticación usa... • http://secunia.com/advisories/45425 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-3696 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2010-3696
07 Oct 2010 — The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information. La función fr_dhcp_decode en lib/dhcp.c en FreeRADIUS v2.1.9, en determinadas compilaciones (no por defecto), no maneja adecuadamente la opc... • http://freeradius.org/press/index.html#2.1.10 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-3697 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2010-3697
07 Oct 2010 — The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests. La función wait_for_child_to_die en main/event.c en FreeRADIUS v2.1.x anterior a v2.1.10, en determinadas ocaciones genera cortes en la base de datos al no controlar correctamente los tiempos largos de la co... • http://freeradius.org/press/index.html#2.1.10 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 17%CPEs: 21EXPL: 1CVE-2009-3111 – FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service
https://notcve.org/view.php?id=CVE-2009-3111
09 Sep 2009 — The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. La función rad_decode FreeRADIUS anterior a v1.1.8, permite a atacantes remotos provocar una denegación de servicio (caída de radiusd) a través de los atributos zero-length Tunnel-Password. NOTA: esto es ... • https://www.exploit-db.com/exploits/9642 •