15 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. En freeradius, la función EAP-PWD Compute_password_element() filtra información sobre la contraseña, lo que permite a un atacante reducir sustancialmente el tamaño de un ataque de diccionario fuera de línea. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f https://access.redhat.com/security/cve/CVE-2022-41859 https://bugzilla.redhat.com/show_bug.cgi?id=2078483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e https://access.redhat.com/security/cve/CVE-2022-41861 https://bugzilla.redhat.com/show_bug.cgi?id=2078487 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. En freeradius, cuando un solicitante de EAP-SIM envía una opción SIM desconocida, el servidor intentará buscar esa opción en los diccionarios internos. Esta búsqueda fallará, pero el código SIM no verificará ese error. • https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a https://access.redhat.com/security/cve/CVE-2022-41860 https://bugzilla.redhat.com/show_bug.cgi?id=2078485 • CWE-476: NULL Pointer Dereference •

CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 2

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." ** EN DISPUTA **Se encontró que freeradius hasta la versión 3.0.19 incluyéndola, no configura correctamente el componente logrotate, lo que permite que un atacante local que ya tiene el control del usuario radiusd escale sus privilegios a root, engañando a logrotate para que escriba un archivo escribible en radiusd en un directorio normalmente inaccesible para el usuario radiusd. NOTA: el mantenedor de software upstream ha declarado que "simplemente no hay forma de que alguien obtenga privilegios a través de este supuesto problema" It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. FreeRadius versions 3.0.19 and below suffer from a privilege escalation vulnerability via insecure logrotate use. • http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Nov/14 https://access.redhat.com/errata/RHSA-2019:3353 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143 https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/pull/2666 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX https://lists.fedoraproject.org/archives/list/ • CWE-250: Execution with Unnecessary Privileges CWE-266: Incorrect Privilege Assignment CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en la curva que se está utilizando", alias "Dragonblood", este problema es similar a CVE-2019-9498 y CVE-2019-9499. A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695748 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-345: Insufficient Verification of Data Authenticity •