CVSS: 9.8EPSS: 77%CPEs: 15EXPL: 0CVE-2017-10984 – freeradius: Out-of-bounds write in data2vp_wimax()
https://notcve.org/view.php?id=CVE-2017-10984
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. Un problema FR-GV-301 en FreeRADIUS versión 3.x anterior a 3.0.15, permite un "Write overflow in data2vp_wimax()" - esto permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario. An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99876 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10984 https://bugzilla.redhat.com/show_bug.cgi?id=1468549 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-10985 – freeradius: Infinite loop and memory exhaustion with 'concat' attributes
https://notcve.org/view.php?id=CVE-2017-10985
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. Un problema FR-GV-302 en FreeRADIUS versión 3.x anterior a 3.0.15, permite un "Infinite loop and memory exhaustion with 'concat' attributes" y una denegación de servicio. A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99968 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10985 https://bugzilla.redhat.com/show_bug.cgi?id=1468550 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 66%CPEs: 15EXPL: 0CVE-2017-10986 – freeradius: Infinite read in dhcp_attr2vp()
https://notcve.org/view.php?id=CVE-2017-10986
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. Un problema FR-GV-303 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una "DHCP - Infinite read in dhcp_attr2vp()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99971 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10986 https://bugzilla.redhat.com/show_bug.cgi?id=1468551 • CWE-125: Out-of-bounds Read CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2017-10987 – freeradius: Buffer over-read in fr_dhcp_decode_suboptions()
https://notcve.org/view.php?id=CVE-2017-10987
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. Un problema FR-GV-304 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99970 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10987 https://bugzilla.redhat.com/show_bug.cgi?id=1468552 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-9148 – freeradius: TLS resumption authentication bypass
https://notcve.org/view.php?id=CVE-2017-9148
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. La caché de una sesión TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir de manera fiable la reanudación de una sesión no autenticada, que permite a los atacantes remotos (como requirentes maliciosos 802.1X) para omitir la autenticación por medio de PEAP o TTLS. An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. • http://freeradius.org/security.html http://seclists.org/oss-sec/2017/q2/422 http://www.securityfocus.com/bid/98734 http://www.securitytracker.com/id/1038576 https://access.redhat.com/errata/RHSA-2017:1581 https://security.gentoo.org/glsa/201706-27 https://access.redhat.com/security/cve/CVE-2017-9148 https://bugzilla.redhat.com/show_bug.cgi?id=1456697 • CWE-287: Improper Authentication •