CVE-2017-10982 – freeradius: Out-of-bounds read in fr_dhcp_decode_options()
https://notcve.org/view.php?id=CVE-2017-10982
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Buffer over-read in fr_dhcp_decode_options()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99912 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10982 https://bugzilla.redhat.com/show_bug.cgi?id=1468498 • CWE-125: Out-of-bounds Read •
CVE-2017-10981 – freeradius: Memory leak in fr_dhcp_decode()
https://notcve.org/view.php?id=CVE-2017-10981
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Un problema FR-GV-204 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in fr_dhcp_decode()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99898 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10981 https://bugzilla.redhat.com/show_bug.cgi?id=1468495 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2014-2015 – freeradius: stack-based buffer overflow flaw in rlm_pap module
https://notcve.org/view.php?id=CVE-2014-2015
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. Desbordamiento de buffer basado en pila en la función normify en el módulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, posiblemente 3.0.1 y anteriores, podría permitir a atacantes causar una denagción de servicio (caída) y posiblemente ejecutar código arbitrario a través de un hash de contraseña largo, tal y como fue demostrado por un hash SSHA. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. • http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html http://rhn.redhat.com/errata/RHSA-2015-1287.html http://ubuntu.com/usn/usn-2122-1 http://www.openwall.com/lists/oss-security/2014/02/18/3 http://www.securityfocus.com/bid/65581 https://bugzilla.redhat.com/show_bug.cgi?id=1066761 https://acce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2011-4966 – freeradius: does not respect expired passwords when using the unix module
https://notcve.org/view.php?id=CVE-2011-4966
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente validarse mediante una contraseña caducada. • http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html http://rhn.redhat.com/errata/RHBA-2012-0881.html http://rhn.redhat.com/errata/RHSA-2013-0134.html https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605 https://access.redhat.com/security/cve/CVE-2011-4966 https://bugzilla.redhat.com/show_bug.cgi?id=879045 • CWE-255: Credentials Management Errors •
CVE-2008-4474
https://notcve.org/view.php?id=CVE-2008-4474
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. freeradius-dialupadmin en freeradius 2.0.4 permite a los usuario locales sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal en (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, y (5) truncate_radacct. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin http://lists.debian.org/debian-devel/2008/08/msg00271.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://secunia.com/advisories/32170 http://secunia.com/advisories/33151 http://uvw.ru/report.lenny.txt http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/30901 https://bugs • CWE-59: Improper Link Resolution Before File Access ('Link Following') •