CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41859 – freeradius: Information leakage in EAP-PWD
https://notcve.org/view.php?id=CVE-2022-41859
17 Jan 2023 — In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. En freeradius, la función EAP-PWD Compute_password_element() filtra información sobre la contraseña, lo que permite a un atacante reducir sustancialmente el tamaño de un ataque de diccionario fuera de línea. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, ... • https://freeradius.org/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41861 – freeradius: Crash on invalid abinary data
https://notcve.org/view.php?id=CVE-2022-41861
04 Jan 2023 — A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. • https://freeradius.org/security • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 3CVE-2019-10143 – freeradius: privilege escalation due to insecure logrotate configuration
https://notcve.org/view.php?id=CVE-2019-10143
24 May 2019 — It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." ** EN DISPUTA **Se encontró que freeradius hasta la ... • https://packetstorm.news/files/id/155361 • CWE-250: Execution with Unnecessary Privileges CWE-266: Incorrect Privilege Assignment CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 6%CPEs: 12EXPL: 0CVE-2019-11235 – freeradius: eap-pwd: authentication bypass via an invalid curve attack
https://notcve.org/view.php?id=CVE-2019-11235
21 Apr 2019 — FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 17%CPEs: 6EXPL: 0CVE-2019-11234 – freeradius: eap-pwd: fake authentication using reflection
https://notcve.org/view.php?id=CVE-2019-11234
21 Apr 2019 — FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. FreeRADIUS antes de 3.0.19 no impide el uso de la reflexión para la autenticación de spoofing, también conocido como "Dragonblood", un problema similar al CVE-2019-9497. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. I... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2011-4966 – freeradius: does not respect expired passwords when using the unix module
https://notcve.org/view.php?id=CVE-2011-4966
12 Mar 2013 — modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente valida... • http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 17%CPEs: 21EXPL: 1CVE-2009-3111 – FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service
https://notcve.org/view.php?id=CVE-2009-3111
09 Sep 2009 — The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. La función rad_decode FreeRADIUS anterior a v1.1.8, permite a atacantes remotos provocar una denegación de servicio (caída de radiusd) a través de los atributos zero-length Tunnel-Password. NOTA: esto es ... • https://www.exploit-db.com/exploits/9642 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2007-2028
https://notcve.org/view.php?id=CVE-2007-2028
13 Apr 2007 — Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. Filtración de memoria en freeRADIUS 1.1.5 y anteriores permite a atacantes remotos provocar denegación de servicio (consumo de memoria) a través de un gran número de conexiones de tunel de EAP-TTL... • http://rhn.redhat.com/errata/RHSA-2007-0338.html •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0080
https://notcve.org/view.php?id=CVE-2007-0080
05 Jan 2007 — Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute ** DISPUTADA** Desbordamiento de búfer en la función SMB_Connect_Serv... • http://osvdb.org/32082 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2004-0960
https://notcve.org/view.php?id=CVE-2004-0960
20 Oct 2004 — FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. • http://security.gentoo.org/glsa/glsa-200409-29.xml •