CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10982 – freeradius: Out-of-bounds read in fr_dhcp_decode_options()
https://notcve.org/view.php?id=CVE-2017-10982
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Buffer over-read in fr_dhcp_decode_options()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99912 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10982 https://bugzilla.redhat.com/show_bug.cgi?id=1468498 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2017-10987 – freeradius: Buffer over-read in fr_dhcp_decode_suboptions()
https://notcve.org/view.php?id=CVE-2017-10987
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. Un problema FR-GV-304 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" y una denegación de servicio. An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99970 https://access.redhat.com/errata/RHSA-2017:2389 https://access.redhat.com/security/cve/CVE-2017-10987 https://bugzilla.redhat.com/show_bug.cgi?id=1468552 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-10981 – freeradius: Memory leak in fr_dhcp_decode()
https://notcve.org/view.php?id=CVE-2017-10981
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. Un problema FR-GV-204 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una "DHCP - Memory leak in fr_dhcp_decode()" y una denegación de servicio. A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. • http://freeradius.org/security/fuzzer-2017.html http://www.debian.org/security/2017/dsa-3930 http://www.securityfocus.com/bid/99898 http://www.securitytracker.com/id/1038914 https://access.redhat.com/errata/RHSA-2017:1759 https://access.redhat.com/security/cve/CVE-2017-10981 https://bugzilla.redhat.com/show_bug.cgi?id=1468495 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-9148 – freeradius: TLS resumption authentication bypass
https://notcve.org/view.php?id=CVE-2017-9148
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. La caché de una sesión TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir de manera fiable la reanudación de una sesión no autenticada, que permite a los atacantes remotos (como requirentes maliciosos 802.1X) para omitir la autenticación por medio de PEAP o TTLS. An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. • http://freeradius.org/security.html http://seclists.org/oss-sec/2017/q2/422 http://www.securityfocus.com/bid/98734 http://www.securitytracker.com/id/1038576 https://access.redhat.com/errata/RHSA-2017:1581 https://security.gentoo.org/glsa/201706-27 https://access.redhat.com/security/cve/CVE-2017-9148 https://bugzilla.redhat.com/show_bug.cgi?id=1456697 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8763
https://notcve.org/view.php?id=CVE-2015-8763
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. El módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8 permite a atacantes remotos tener un impacto no especificado a través (1) commit o (2) confirmar mensaje, lo que desencadena una lectura fuera de límites. • http://freeradius.org/security.html#eap-pwd-2015 http://www.openwall.com/lists/oss-security/2016/01/08/7 • CWE-125: Out-of-bounds Read •