CVE-2022-41859 – freeradius: Information leakage in EAP-PWD
https://notcve.org/view.php?id=CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f https://access.redhat.com/security/cve/CVE-2022-41859 https://bugzilla.redhat.com/show_bug.cgi?id=2078483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials
CVE-2022-41861 – freeradius: Crash on invalid abinary data
https://notcve.org/view.php?id=CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e https://access.redhat.com/security/cve/CVE-2022-41861 https://bugzilla.redhat.com/show_bug.cgi?id=2078487 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption
CVE-2022-41860 – freeradius: Crash on unknown option in EAP-SIM
https://notcve.org/view.php?id=CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a https://access.redhat.com/security/cve/CVE-2022-41860 https://bugzilla.redhat.com/show_bug.cgi?id=2078485 • CWE-476: NULL Pointer Dereference
CVE-2019-17185 – freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access
https://notcve.org/view.php?id=CVE-2019-17185
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 https://access.redhat.com/security/cve/CVE-2019-17185 https://bugzilla.redhat.com/show_bug.cgi?id=1816680 • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context CWE-662: Improper Synchronization
CVE-2015-9542
https://notcve.org/view.php?id=CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542 https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0 https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html https://usn.ubuntu.com/4290-1 https://usn.ubuntu.com/4290-2 • CWE-787: Out-of-bounds Write