CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2010-3697 – Gentoo Linux Security Advisory 201311-09
https://notcve.org/view.php?id=CVE-2010-3697
07 Oct 2010 — The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests. La función wait_for_child_to_die en main/event.c en FreeRADIUS v2.1.x anterior a v2.1.10, en determinadas ocaciones genera cortes en la base de datos al no controlar correctamente los tiempos largos de la co... • http://freeradius.org/press/index.html#2.1.10 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 17%CPEs: 21EXPL: 1CVE-2009-3111 – FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service
https://notcve.org/view.php?id=CVE-2009-3111
09 Sep 2009 — The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. La función rad_decode FreeRADIUS anterior a v1.1.8, permite a atacantes remotos provocar una denegación de servicio (caída de radiusd) a través de los atributos zero-length Tunnel-Password. NOTA: esto es ... • https://www.exploit-db.com/exploits/9642 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4474
https://notcve.org/view.php?id=CVE-2008-4474
07 Oct 2008 — freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. freeradius-dialupadmin en freeradius 2.0.4 permite a los usuario locales sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal en (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, y (5) truncate_rada... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2007-2028
https://notcve.org/view.php?id=CVE-2007-2028
13 Apr 2007 — Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. Filtración de memoria en freeRADIUS 1.1.5 y anteriores permite a atacantes remotos provocar denegación de servicio (consumo de memoria) a través de un gran número de conexiones de tunel de EAP-TTL... • http://rhn.redhat.com/errata/RHSA-2007-0338.html •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0080
https://notcve.org/view.php?id=CVE-2007-0080
05 Jan 2007 — Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute ** DISPUTADA** Desbordamiento de búfer en la función SMB_Connect_Serv... • http://osvdb.org/32082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 0CVE-2006-1354
https://notcve.org/view.php?id=CVE-2006-1354
22 Mar 2006 — Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2005-4744
https://notcve.org/view.php?id=CVE-2005-4744
31 Dec 2005 — Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, a... • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-4745
https://notcve.org/view.php?id=CVE-2005-4745
31 Dec 2005 — SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. • http://www.debian.org/security/2006/dsa-1145 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2005-4746
https://notcve.org/view.php?id=CVE-2005-4746
31 Dec 2005 — Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". • http://www.debian.org/security/2006/dsa-1145 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1454
https://notcve.org/view.php?id=CVE-2005-1454
19 May 2005 — SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. • http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html •