Page 7 of 48 results (0.034 seconds)

CVSS: 5.0EPSS: 95%CPEs: 21EXPL: 1

CVE-2009-3111 – FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service

https://notcve.org/view.php?id=CVE-2009-3111

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. La función rad_decode FreeRADIUS anterior a v1.1.8, permite a atacantes remotos provocar una denegación de servicio (caída de radiusd) a través de los atributos zero-length Tunnel-Password. NOTA: esto es una regresión al error relacionado con el CVE-2003-0967. • https://www.exploit-db.com/exploits/9642 http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4 http://intevydis.com/vd-list.shtml http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://secunia.com/advisories/36509 http://support.apple.com/kb/HT3937 http://www.openwall.com/lists/oss-secu •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-4474

https://notcve.org/view.php?id=CVE-2008-4474

freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. freeradius-dialupadmin en freeradius 2.0.4 permite a los usuario locales sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal en (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, y (5) truncate_radacct. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin http://lists.debian.org/debian-devel/2008/08/msg00271.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://secunia.com/advisories/32170 http://secunia.com/advisories/33151 http://uvw.ru/report.lenny.txt http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/30901 https://bugs • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2007-2028

https://notcve.org/view.php?id=CVE-2007-2028

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. Filtración de memoria en freeRADIUS 1.1.5 y anteriores permite a atacantes remotos provocar denegación de servicio (consumo de memoria) a través de un gran número de conexiones de tunel de EAP-TTLS utilizando atributos de formato mal formado de Diameter, lo cual hace que la respuesta de validación sea rechazada pero no recupera la estructura de datos VALUE_PAIR. • http://rhn.redhat.com/errata/RHSA-2007-0338.html http://secunia.com/advisories/24849 http://secunia.com/advisories/24907 http://secunia.com/advisories/24917 http://secunia.com/advisories/24996 http://secunia.com/advisories/25201 http://secunia.com/advisories/25220 http://security.gentoo.org/glsa/glsa-200704-14.xml http://www.freeradius.org/security.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:085 http://www.novell.com/linux/security/advisories/2007_10_ •

CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-0080

https://notcve.org/view.php?id=CVE-2007-0080

Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute ** DISPUTADA** Desbordamiento de búfer en la función SMB_Connect_Server en FreeRadius 1.1.3 y anteriores permite a un atacante remoto ejecutar código arbitrario relacionado con el campo de servidor desthost de una instancia SMB_Handle_Type. NOTA: el impacto de este asunto ha sido disputado por una tercera parte fiable, que dice que la explotación se límita 'exclusivamente a administradores locales que tienen acceso de escritura a los ficheros de configuración de servidores'. CVE está de acuerdo con la disputa. • http://osvdb.org/32082 http://securitytracker.com/id?1017463 http://www.attrition.org/pipermail/vim/2007-February/001304.html http://www.freeradius.org/security.html http://www.securityfocus.com/archive/1/455678/100/0/threaded http://www.securityfocus.com/archive/1/455812/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/31248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2006-1354

https://notcve.org/view.php?id=CVE-2006-1354

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. • ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html http://rhn.redhat.com/errata/RHSA-2006-0271.html http://secunia.com/advisories/19300 http://secunia.com/advisories/19405 http://secunia.com/advisories/19518 http://secunia.com/advisories/19527 http://secunia.com/advisories/19811 http://secunia.com/advisories/20461 http://securitytracker.com/id?1015795 http://www.debian.org/security •