Vulnerabilites related to freeradius - freeradius
Vulnerability from fkie_nvd
Published
2019-04-22 11:29
Modified
2024-11-21 04:20
Severity ?
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| fedoraproject | fedora | * | |
| redhat | enterprise_linux | 7.0 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "90C5B6A9-0E46-438C-9EBB-63529AAD1B1D", versionEndExcluding: "3.0.19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", matchCriteriaId: "20294CE7-12C8-43CA-A702-5ED2A3044FFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497.", }, { lang: "es", value: "FreeRADIUS antes de 3.0.19 no impide el uso de la reflexión para la autenticación de spoofing, también conocido como \"Dragonblood\", un problema similar al CVE-2019-9497.", }, ], id: "CVE-2019-11234", lastModified: "2024-11-21T04:20:46.950", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-22T11:29:03.330", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695783", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3954-1/", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3954-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-18 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.1.10 | |
| freeradius | freeradius | 2.1.11 | |
| freeradius | freeradius | 2.1.12 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en la función cbtls_verify en FreeRADIUS v2.1.10 hasta la v2.1.12, cuando se usan los métodos TLS-based EAP, permite a atacantes remotos provocar una denegación de servicio (caída del servidor) y posiblemente ejecutar código a través de un sellado de tiempo \"not after\" largo, en un certificado de un cliente.", }, ], id: "CVE-2012-3547", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-09-18T17:55:07.850", references: [ { source: "secalert@redhat.com", url: "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://freeradius.org/security.html", }, { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/85325", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1326.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1327.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50484", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50584", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/50637", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/50770", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2012/dsa-2546", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/09/10/2", }, { source: "secalert@redhat.com", url: "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/55483", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1027509", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1585-1", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/85325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1326.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1327.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/50637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/50770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2012/dsa-2546", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/09/10/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/55483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1027509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1585-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 1.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95ADE53-BFBE-4B06-A1BF-EF576D567554", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.", }, ], id: "CVE-2005-1454", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-19T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/13540", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20449", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/13540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-05 17:59
Modified
2024-11-21 02:31
Severity ?
Summary
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 | |
| freeradius | freeradius | 2.2.0 | |
| freeradius | freeradius | 2.2.1 | |
| freeradius | freeradius | 2.2.2 | |
| freeradius | freeradius | 2.2.3 | |
| freeradius | freeradius | 2.2.4 | |
| freeradius | freeradius | 2.2.5 | |
| freeradius | freeradius | 2.2.6 | |
| freeradius | freeradius | 2.2.7 | |
| suse | linux_enterprise_server | 12 | |
| suse | linux_enterprise_server | 12 | |
| suse | linux_enterprise_server | 12 | |
| suse | linux_enterprise_software_development_kit | 12 | |
| suse | linux_enterprise_software_development_kit | 12 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "2595550B-8820-471A-9D23-C40A848B73FE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "15D7F150-6B47-44B8-82A9-5E03AC83B05D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5600607D-209E-4A7B-AC82-657638232D13", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "C236E624-8DE0-46CD-A9F1-951D1CDD9F58", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", matchCriteriaId: "2076747F-A98E-4DD9-9B52-BF1732BCAD3D", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*", matchCriteriaId: "F84B2729-7B52-4505-9656-1BD31B980705", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*", matchCriteriaId: "F2681D87-58A9-4A56-BE97-B00C5061CA32", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", matchCriteriaId: "5A633996-2FD7-467C-BAA6-529E16BD06D1", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", matchCriteriaId: "5F150BD9-4B94-42D3-9E14-58665B7FF220", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.", }, { lang: "es", value: "FreeRADIUS 2.2.x en versiones anteriores a 2.2.8 y 3.0.x en versiones anteriores a 3.0.9 no comprueba adecuadamente la revocación de certificados CA intermedios.", }, ], id: "CVE-2015-4680", lastModified: "2024-11-21T02:31:33.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-05T17:59:00.197", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.ocert.org/advisories/ocert-2015-008.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/535810/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/75327", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032690", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1234975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.ocert.org/advisories/ocert-2015-008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/535810/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/75327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032690", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1234975", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-03-22 02:02
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 1.0.0 | |
| freeradius | freeradius | 1.0.1 | |
| freeradius | freeradius | 1.0.2 | |
| freeradius | freeradius | 1.0.3 | |
| freeradius | freeradius | 1.0.4 | |
| freeradius | freeradius | 1.0.5 | |
| freeradius | freeradius | 1.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "49152208-4DBD-4AF7-BCB3-3D56650899F7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "90AF846A-F239-4963-B260-7CB48334B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95ADE53-BFBE-4B06-A1BF-EF576D567554", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4C48FE12-68CB-462D-B75E-204894325F5D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "1321F1E7-4B14-4B16-91D0-AE9E9951D12A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "313EFEC5-1580-4ACE-BB9C-84E3714F2C37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via \"Insufficient input validation\" in the EAP-MSCHAPv2 state machine module.", }, ], id: "CVE-2006-1354", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2006-03-22T02:02:00.000", references: [ { source: "cve@mitre.org", url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { source: "cve@mitre.org", url: "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/19300", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/19405", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/19518", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/19527", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/19811", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/20461", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1015795", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2006/dsa-1089", }, { source: "cve@mitre.org", url: "http://www.freeradius.org/security.html", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/17171", }, { source: "cve@mitre.org", url: "http://www.trustix.org/errata/2006/0020", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2006/1016", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/19300", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/20461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1015795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/17171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trustix.org/errata/2006/0020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2006/1016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 | |
| freeradius | freeradius | 3.0.9 | |
| freeradius | freeradius | 3.0.10 | |
| freeradius | freeradius | 3.0.11 | |
| freeradius | freeradius | 3.0.12 | |
| freeradius | freeradius | 3.0.13 | |
| freeradius | freeradius | 3.0.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "76048BE7-ABC9-4177-A6A6-03CD267708A3", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "00F2F28A-E975-469F-8720-ACAD38230A70", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "D0D08EA5-E832-40D7-9530-079C400B050E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "FAFBD765-22E7-446B-B0E9-FCE7DDB1B90E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "C50B666B-B423-4182-BD9A-8893B66848AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-303 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una \"DHCP - Infinite read in dhcp_attr2vp()\" y una denegación de servicio.", }, ], id: "CVE-2017-10986", lastModified: "2024-11-21T03:06:53.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.430", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99971", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99971", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-01-05 11:28
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "95921E03-2F8B-4E9B-8305-15ECE1A2D20B", versionEndIncluding: "1.1.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited \"only to local administrators who have write access to the server configuration files.\" CVE concurs with the dispute", }, { lang: "es", value: "** DISPUTADA** Desbordamiento de búfer en la función SMB_Connect_Server en FreeRadius 1.1.3 y anteriores permite a un atacante remoto ejecutar código arbitrario relacionado con el campo de servidor desthost de una instancia SMB_Handle_Type. NOTA: el impacto de este asunto ha sido disputado por una tercera parte fiable, que dice que la explotación se límita 'exclusivamente a administradores locales que tienen acceso de escritura a los ficheros de configuración de servidores'. CVE está de acuerdo con la disputa.", }, ], evaluatorComment: "A buffer overflow in the SMB_Connect_Server function in FreeRADIUS 1.1.4 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. This issue can not be exploited remotely, and can only be exploited by administrators who have write access to the server configuration files.", evaluatorImpact: "-- Official Vendor Statement from the FreeRADIUS Server project\r\n\r\nThis issue is not a security vulnerability. The exploit is available only to local administrators who have write access to the server configuration files. As such, this issue has no security impact on any system running FreeRADIUS.\r\n\r\n-- Official Vendor Statement from the FreeRADIUS Server project\r\n", id: "CVE-2007-0080", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 2.7, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-01-05T11:28:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/32082", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017463", }, { source: "cve@mitre.org", url: "http://www.attrition.org/pipermail/vim/2007-February/001304.html", }, { source: "cve@mitre.org", url: "http://www.freeradius.org/security.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/455678/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/455812/100/0/threaded", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/32082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.attrition.org/pipermail/vim/2007-February/001304.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/455678/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/455812/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. The affected code is in an optional module that is not shipped in Red Hat Enterprise Linux 2.1, 3, or 4.", lastModified: "2007-01-05T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.1 | |
| freeradius | freeradius | 2.0.2 | |
| freeradius | freeradius | 2.0.3 | |
| freeradius | freeradius | 2.0.4 | |
| freeradius | freeradius | 2.0.5 | |
| freeradius | freeradius | 2.1.0 | |
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 2.1.8 | |
| freeradius | freeradius | 2.1.9 | |
| freeradius | freeradius | 2.1.10 | |
| freeradius | freeradius | 2.1.11 | |
| freeradius | freeradius | 2.1.12 | |
| freeradius | freeradius | 2.2.0 | |
| freeradius | freeradius | 2.2.1 | |
| freeradius | freeradius | 2.2.2 | |
| freeradius | freeradius | 2.2.3 | |
| freeradius | freeradius | 2.2.4 | |
| freeradius | freeradius | 2.2.5 | |
| freeradius | freeradius | 2.2.6 | |
| freeradius | freeradius | 2.2.7 | |
| freeradius | freeradius | 2.2.8 | |
| freeradius | freeradius | 2.2.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1F041B7-4DDB-406E-8A89-D2DDABD4AF96", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*", matchCriteriaId: "5DA3BD5F-8CB9-4907-92C5-7A4E884CE1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*", matchCriteriaId: "3D7056CF-FF7C-4175-907A-A47984A82CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "2595550B-8820-471A-9D23-C40A848B73FE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "15D7F150-6B47-44B8-82A9-5E03AC83B05D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5600607D-209E-4A7B-AC82-657638232D13", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "C236E624-8DE0-46CD-A9F1-951D1CDD9F58", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "11403C9E-7217-43AF-9BF4-371FA2623C12", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "86A2EC8C-840A-4DB2-8038-7E0E2D704EA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-205 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" y una denegación de servicio.", }, ], id: "CVE-2017-10982", lastModified: "2024-11-21T03:06:53.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.307", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99912", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99912", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 | |
| freeradius | freeradius | 3.0.9 | |
| freeradius | freeradius | 3.0.10 | |
| freeradius | freeradius | 3.0.11 | |
| freeradius | freeradius | 3.0.12 | |
| freeradius | freeradius | 3.0.13 | |
| freeradius | freeradius | 3.0.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "76048BE7-ABC9-4177-A6A6-03CD267708A3", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "00F2F28A-E975-469F-8720-ACAD38230A70", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "D0D08EA5-E832-40D7-9530-079C400B050E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "FAFBD765-22E7-446B-B0E9-FCE7DDB1B90E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "C50B666B-B423-4182-BD9A-8893B66848AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-302 en FreeRADIUS versión 3.x anterior a 3.0.15, permite un \"Infinite loop and memory exhaustion with 'concat' attributes\" y una denegación de servicio.", }, ], id: "CVE-2017-10985", lastModified: "2024-11-21T03:06:53.600", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.400", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99968", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99968", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-24 17:29
Modified
2024-11-21 04:18
Severity ?
Summary
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "CF3F9C8A-3E21-459D-81CF-3C2617FFCCAD", versionEndIncluding: "3.0.19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "secalert@redhat.com", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"", }, { lang: "es", value: "** EN DISPUTA **Se encontró que freeradius hasta la versión 3.0.19 incluyéndola, no configura correctamente el componente logrotate, lo que permite que un atacante local que ya tiene el control del usuario radiusd escale sus privilegios a root, engañando a logrotate para que escriba un archivo escribible en radiusd en un directorio normalmente inaccesible para el usuario radiusd. NOTA: el mantenedor de software upstream ha declarado que \"simplemente no hay forma de que alguien obtenga privilegios a través de este supuesto problema\"", }, ], id: "CVE-2019-10143", lastModified: "2024-11-21T04:18:30.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-24T17:29:02.490", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Nov/14", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3353", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://freeradius.org/security/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/pull/2666", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Nov/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3353", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/pull/2666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-250", }, { lang: "en", value: "CWE-266", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-22 11:29
Modified
2024-11-21 04:20
Severity ?
Summary
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| fedoraproject | fedora | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux_eus | 7.6 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| canonical | ubuntu_linux | 19.04 | |
| opensuse | leap | 15.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "90C5B6A9-0E46-438C-9EBB-63529AAD1B1D", versionEndExcluding: "3.0.19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", matchCriteriaId: "D3FEADDA-2AEE-4F65-9401-971B585664A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.", }, { lang: "es", value: "FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección \"cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en la curva que se está utilizando\", alias \"Dragonblood\", este problema es similar a CVE-2019-9498 y CVE-2019-9499.", }, ], id: "CVE-2019-11235", lastModified: "2024-11-21T04:20:47.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-22T11:29:03.517", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695748", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3954-1/", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3954-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.1 | |
| freeradius | freeradius | 2.0.2 | |
| freeradius | freeradius | 2.0.3 | |
| freeradius | freeradius | 2.0.4 | |
| freeradius | freeradius | 2.0.5 | |
| freeradius | freeradius | 2.1.0 | |
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 2.1.8 | |
| freeradius | freeradius | 2.1.9 | |
| freeradius | freeradius | 2.1.10 | |
| freeradius | freeradius | 2.1.11 | |
| freeradius | freeradius | 2.1.12 | |
| freeradius | freeradius | 2.2.0 | |
| freeradius | freeradius | 2.2.1 | |
| freeradius | freeradius | 2.2.2 | |
| freeradius | freeradius | 2.2.3 | |
| freeradius | freeradius | 2.2.4 | |
| freeradius | freeradius | 2.2.5 | |
| freeradius | freeradius | 2.2.6 | |
| freeradius | freeradius | 2.2.7 | |
| freeradius | freeradius | 2.2.8 | |
| freeradius | freeradius | 2.2.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1F041B7-4DDB-406E-8A89-D2DDABD4AF96", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*", matchCriteriaId: "5DA3BD5F-8CB9-4907-92C5-7A4E884CE1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*", matchCriteriaId: "3D7056CF-FF7C-4175-907A-A47984A82CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "2595550B-8820-471A-9D23-C40A848B73FE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "15D7F150-6B47-44B8-82A9-5E03AC83B05D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5600607D-209E-4A7B-AC82-657638232D13", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "C236E624-8DE0-46CD-A9F1-951D1CDD9F58", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "11403C9E-7217-43AF-9BF4-371FA2623C12", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "86A2EC8C-840A-4DB2-8038-7E0E2D704EA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.", }, { lang: "es", value: "Un problema FR-GV-202 en FreeRADIUS versión 2.x anterior a 2.2.10, permite un \"Write overflow in rad_coalesce()\" - esto permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario.", }, ], id: "CVE-2017-10979", lastModified: "2024-11-21T03:06:52.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.210", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99901", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99901", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-09 12:15
Modified
2025-03-18 16:15
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| broadcom | brocade_sannav | - | |
| broadcom | fabric_operating_system | - | |
| sonicwall | sonicos | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "1C73FF4C-13DE-4050-BD56-447F9382AA4D", versionEndExcluding: "3.0.27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*", matchCriteriaId: "75B1EDA5-F189-440D-AD0E-C70DD2C0FEE5", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:*", matchCriteriaId: "1CF61DAA-8295-4407-B125-1714E1565965", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", }, { lang: "es", value: "El protocolo RADIUS según RFC 2865 es susceptible a ataques de falsificación por parte de un atacante local que puede modificar cualquier respuesta válida (acceso-aceptación, acceso-rechazo o acceso-desafío) a cualquier otra respuesta utilizando un ataque de colisión de prefijo elegido contra la firma del autenticador de respuesta MD5. .", }, ], id: "CVE-2024-3596", lastModified: "2025-03-18T16:15:22.140", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-09T12:15:20.700", references: [ { source: "cret@cert.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/07/09/4", }, { source: "cret@cert.org", tags: [ "Technical Description", ], url: "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/", }, { source: "cret@cert.org", tags: [ "Technical Description", ], url: "https://datatracker.ietf.org/doc/html/rfc2865", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014", }, { source: "cret@cert.org", tags: [ "Technical Description", ], url: "https://www.blastradius.fail/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/07/09/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://datatracker.ietf.org/doc/html/rfc2865", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240822-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", ], url: "https://www.blastradius.fail/", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-354", }, { lang: "en", value: "CWE-924", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-328", }, { lang: "en", value: "CWE-354", }, { lang: "en", value: "CWE-924", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2010-10-07 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.1.0 | |
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 2.1.8 | |
| freeradius | freeradius | 2.1.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.", }, { lang: "es", value: "La función wait_for_child_to_die en main/event.c en FreeRADIUS v2.1.x anterior a v2.1.10, en determinadas ocaciones genera cortes en la base de datos al no controlar correctamente los tiempos largos de la cola de peticiones, permitiendo de esta forma a atacantes remotos provocar una denegación de servicio ( caída del servicio) mediante el envío de muchas peticiones.", }, ], id: "CVE-2010-3697", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-10-07T21:00:03.500", references: [ { source: "secalert@redhat.com", url: "http://freeradius.org/press/index.html#2.1.10", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41621", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, { source: "secalert@redhat.com", url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=639397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://freeradius.org/press/index.html#2.1.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=639397", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 | |
| freeradius | freeradius | 3.0.9 | |
| freeradius | freeradius | 3.0.10 | |
| freeradius | freeradius | 3.0.11 | |
| freeradius | freeradius | 3.0.12 | |
| freeradius | freeradius | 3.0.13 | |
| freeradius | freeradius | 3.0.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "76048BE7-ABC9-4177-A6A6-03CD267708A3", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "00F2F28A-E975-469F-8720-ACAD38230A70", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "D0D08EA5-E832-40D7-9530-079C400B050E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "FAFBD765-22E7-446B-B0E9-FCE7DDB1B90E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "C50B666B-B423-4182-BD9A-8893B66848AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.", }, { lang: "es", value: "Un problema FR-GV-301 en FreeRADIUS versión 3.x anterior a 3.0.15, permite un \"Write overflow in data2vp_wimax()\" - esto permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) o posiblemente ejecutar código arbitrario.", }, ], id: "CVE-2017-10984", lastModified: "2024-11-21T03:06:53.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.367", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99876", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99876", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-29 17:29
Modified
2024-11-21 03:35
Severity ?
Summary
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 | |
| freeradius | freeradius | 3.0.9 | |
| freeradius | freeradius | 3.1.0 | |
| freeradius | freeradius | 3.1.1 | |
| freeradius | freeradius | 3.1.2 | |
| freeradius | freeradius | 3.1.3 | |
| freeradius | freeradius | 4.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "78140938-FD3B-442E-B906-7705CDFF853D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "354381FC-52F3-4377-8DE0-75FC0D2D7FD2", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D829A428-71E8-4EB4-A8D7-BD5B673AA51F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "8F800631-5190-410F-B11D-02CF956D5B93", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8AA8D994-16CB-44F0-95FE-7AFECB56C949", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.", }, { lang: "es", value: "La caché de una sesión TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir de manera fiable la reanudación de una sesión no autenticada, que permite a los atacantes remotos (como requirentes maliciosos 802.1X) para omitir la autenticación por medio de PEAP o TTLS.", }, ], id: "CVE-2017-9148", lastModified: "2024-11-21T03:35:26.163", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-29T17:29:00.200", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "VDB Entry", ], url: "http://seclists.org/oss-sec/2017/q2/422", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98734", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1038576", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:1581", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201706-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "VDB Entry", ], url: "http://seclists.org/oss-sec/2017/q2/422", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98734", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201706-27", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-03 20:15
Modified
2024-11-21 04:24
Severity ?
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| linux | linux_kernel | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "B292FDAF-75A6-4B45-B7DA-BD2F624CF165", versionEndIncluding: "3.0.19", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494.", }, { lang: "es", value: "En FreeRADIUS versiones 3.0 hasta 3.0.19, en promedio 1 de cada 2048 protocolos de enlace EAP-pwd presenta un fallo porque el elemento de contraseña no puede ser encontrado dentro de las 10 iteraciones del bucle de tipo \"hunting and pecking\". Esto filtra información que un atacante puede utilizar para recuperar la contraseña de cualquier usuario. Este filtrado de información es similar al ataque \"Dragonblood\" y al CVE-2019-9494.", }, ], id: "CVE-2019-13456", lastModified: "2024-11-21T04:24:56.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-03T20:15:11.013", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737663", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://wpa3.mathyvanhoef.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://wpa3.mathyvanhoef.com", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-10-07 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.1.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "La función fr_dhcp_decode en lib/dhcp.c en FreeRADIUS v2.1.9, en determinadas compilaciones (no por defecto), no maneja adecuadamente la opción DHCP Relay Agent Information, lo cual permite a atacantes remotos provocar una denegación de servicio (bucle infinito y corte del servicio) a través de un paquete que tiene más de una sub-opción. NOTA: algunos de estos detalles han sido obtenidos de información de terceros.", }, ], id: "CVE-2010-3696", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-10-07T21:00:03.437", references: [ { source: "secalert@redhat.com", url: "http://freeradius.org/press/index.html#2.1.10", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41621", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=639390", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://freeradius.org/press/index.html#2.1.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41621", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=639390", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-02 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.0 | |
| freeradius | freeradius | 2.0.1 | |
| freeradius | freeradius | 2.0.2 | |
| freeradius | freeradius | 2.0.3 | |
| freeradius | freeradius | 2.0.4 | |
| freeradius | freeradius | 2.0.5 | |
| freeradius | freeradius | 2.1.0 | |
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 2.1.8 | |
| freeradius | freeradius | 2.1.9 | |
| freeradius | freeradius | 2.1.10 | |
| freeradius | freeradius | 2.1.11 | |
| freeradius | freeradius | 2.1.12 | |
| freeradius | freeradius | 2.2.0 | |
| freeradius | freeradius | 2.2.1 | |
| freeradius | freeradius | 2.2.2 | |
| freeradius | freeradius | 2.2.3 | |
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*", matchCriteriaId: "D5C0C0C3-970F-4936-BEBB-19FACF4E958B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.", }, { lang: "es", value: "Desbordamiento de buffer basado en pila en la función normify en el módulo rlm_pap (modules/rlm_pap/rlm_pap.c) en FreeRADIUS 2.x, posiblemente 2.2.3 y anteriores, y 3.x, posiblemente 3.0.1 y anteriores, podría permitir a atacantes causar una denagción de servicio (caída) y posiblemente ejecutar código arbitrario a través de un hash de contraseña largo, tal y como fue demostrado por un hash SSHA.", }, ], id: "CVE-2014-2015", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-02T00:55:03.313", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html", }, { source: "cve@mitre.org", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html", }, { source: "cve@mitre.org", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2015-1287.html", }, { source: "cve@mitre.org", url: "http://ubuntu.com/usn/usn-2122-1", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2014/02/18/3", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/65581", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-1287.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ubuntu.com/usn/usn-2122-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2014/02/18/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/65581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2024-11-21 02:39
Severity ?
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://freeradius.org/security.html#eap-pwd-2015 | Not Applicable | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/01/08/7 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://freeradius.org/security.html#eap-pwd-2015 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/08/7 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.", }, { lang: "es", value: "El módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del servidor) a través de un paquete EAP-PWD de longitud cero.", }, ], id: "CVE-2015-8762", lastModified: "2024-11-21T02:39:07.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-27T17:59:00.290", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-10-07 21:11
Modified
2025-04-09 00:30
Severity ?
Summary
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.", }, { lang: "es", value: "freeradius-dialupadmin en freeradius 2.0.4 permite a los usuario locales sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal en (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, y (5) truncate_radacct.", }, ], id: "CVE-2008-4474", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-10-07T21:11:38.510", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", }, { source: "cve@mitre.org", url: "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", }, { source: "cve@mitre.org", url: "http://lists.debian.org/debian-devel/2008/08/msg00271.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32170", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33151", }, { source: "cve@mitre.org", url: "http://uvw.ru/report.lenny.txt", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/10/30/2", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30901", }, { source: "cve@mitre.org", url: "https://bugs.gentoo.org/show_bug.cgi?id=235770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.debian.org/debian-devel/2008/08/msg00271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32170", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33151", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://uvw.ru/report.lenny.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/10/30/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30901", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/show_bug.cgi?id=235770", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 3, 4, or 5.", lastModified: "2009-02-06T02:00:36.217", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-12-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A8F21A-1305-4313-8BBF-1792ED4CB703", versionEndIncluding: "0.9.3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.", }, { lang: "es", value: "Desbordamiento de búfer en la pila en SMB_Logon_Server del módulo experimental rlm_smb de FreeRADIUS 0.9.3 y anteriores permite a atacantes remotos ejecutar código arbitrario mediante un atributo User-Password largo.", }, ], id: "CVE-2003-0968", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-12-15T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=106986437621130&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=106986437621130&w=2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2024-11-21 02:39
Severity ?
Summary
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://freeradius.org/security.html#eap-pwd-2015 | Not Applicable | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/01/08/7 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://freeradius.org/security.html#eap-pwd-2015 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/08/7 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.", }, { lang: "es", value: "Error por un paso en el módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8, lo que desencadena un desbordamiento de búfer.", }, ], id: "CVE-2015-8764", lastModified: "2024-11-21T02:39:08.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-27T17:59:00.350", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-17 18:15
Modified
2025-04-07 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://freeradius.org/security/ | Patch, Vendor Advisory | |
| secalert@redhat.com | https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://freeradius.org/security/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA70644-1F3C-4B83-BE2A-F865085CD979", versionEndExcluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.", }, { lang: "es", value: "En freeradius, la función EAP-PWD Compute_password_element() filtra información sobre la contraseña, lo que permite a un atacante reducir sustancialmente el tamaño de un ataque de diccionario fuera de línea.", }, ], id: "CVE-2022-41859", lastModified: "2025-04-07T17:15:34.067", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-17T18:15:11.287", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-03-04 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ascend:radius:1.16:*:*:*:*:*:*:*", matchCriteriaId: "C0717614-9C92-4C20-9D65-0E488C97FAD5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", matchCriteriaId: "5AEDD86F-92B9-43EC-80E3-54010E249FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDB110B-4057-4BA4-993A-9DA14888A093", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*", matchCriteriaId: "F5B0DFDC-913E-4358-9BF1-6AA1F871CB4B", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*", matchCriteriaId: "F332DA97-B327-45E0-8948-18C2C7278757", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*", matchCriteriaId: "67632403-328E-4149-B0EC-2B563DDD7FD8", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*", matchCriteriaId: "0F6945F8-EB40-4205-9585-3BF9A132406E", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.14:*:*:*:*:*:*:*", matchCriteriaId: "2A28A174-45A4-4886-8C87-2D475F9ABF18", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.15:*:*:*:*:*:*:*", matchCriteriaId: "A949E3FF-5360-4FC1-95E5-AB5080156D77", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.16:*:*:*:*:*:*:*", matchCriteriaId: "D000F534-1BF0-40A8-BD2B-9EBAF71D6FA3", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.17:*:*:*:*:*:*:*", matchCriteriaId: "15253C62-0FCC-4699-9CC5-486F23CDD1E7", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.17b:*:*:*:*:*:*:*", matchCriteriaId: "D01B8A1D-A4EC-4B92-A9EC-BECB35185ECC", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.18:*:*:*:*:*:*:*", matchCriteriaId: "10DD81E4-732C-4F23-80A7-987FCC0511D3", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.18.1:*:*:*:*:*:*:*", matchCriteriaId: "28A5F502-7DA3-44E2-AEFB-6D1FD7121F7C", vulnerable: true, }, { criteria: "cpe:2.3:a:livingston:radius:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8C2894BE-AE8B-491C-A776-5D2821D4DFB4", vulnerable: true, }, { criteria: "cpe:2.3:a:livingston:radius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "92CD1A39-33F6-47C3-8899-286C07C9C219", vulnerable: true, }, { criteria: "cpe:2.3:a:livingston:radius:2.1:*:*:*:*:*:*:*", matchCriteriaId: "E3133364-7726-4BFA-A552-03533F762161", vulnerable: true, }, { criteria: "cpe:2.3:a:lucent:radius:2.0:*:*:*:*:*:*:*", matchCriteriaId: "96927B69-BA71-460B-8A59-CF3FC93C9661", vulnerable: true, }, { criteria: "cpe:2.3:a:lucent:radius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "056AD200-84E8-4B99-863F-C1D61A6B4C7F", vulnerable: true, }, { criteria: "cpe:2.3:a:lucent:radius:2.1:*:*:*:*:*:*:*", matchCriteriaId: "6FCE2BA9-35E0-410A-B9CC-C77C9D95338E", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "4999A95F-9124-4585-B78C-34B8CDA87250", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "28DC815B-6648-4C3A-A66C-264EE6903CE7", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "627CD710-183C-433B-9CC6-804C8A726FE4", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FA442BB3-4DAE-402C-8F3C-DFCA4C3EE63A", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "DE605C8B-316E-4C04-B5D1-97A0E2719DBB", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*", matchCriteriaId: "13CF26C7-90DB-46FB-AE08-936FF7C324F9", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.8:*:*:*:*:*:*:*", matchCriteriaId: "15B965F5-E32D-4824-9A4B-0A2507CD167E", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C211927E-DE7F-450F-918B-DC3EAF6C5743", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "6A74F1BA-3E1A-4073-A290-C086B6388F75", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "CDDB28FF-D0B4-45A4-A2E7-C56B4D660204", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "5263133F-0C92-4C16-B933-71AEAE9C33BC", vulnerable: true, }, { criteria: "cpe:2.3:a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "ACE414B4-5E23-4DE9-AD86-8FE51CCE723B", vulnerable: true, }, { criteria: "cpe:2.3:a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*", matchCriteriaId: "F6713B65-D941-4DCE-AA63-FE0B408E575B", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "7326E7C2-F310-4820-A36D-C7045E6ED721", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "C37D50E1-E8E1-4D07-93D2-D8DEE13872D9", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*", matchCriteriaId: "792AB6F5-0916-482B-A868-BC41B7A6EFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*", matchCriteriaId: "F4A295E4-7D6D-4906-84D4-BB80AF58422E", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*", matchCriteriaId: "9A1FEC14-198C-46D1-8F96-9D91B9733A55", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*", matchCriteriaId: "DB2830F3-FB3A-4833-9027-B4933BA813ED", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "95CC863F-9448-4692-AB9C-BA218D2313CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.", }, ], id: "CVE-2001-1376", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-03-04T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://online.securityfocus.com/archive/1/239784", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/589523", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3530", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://online.securityfocus.com/archive/1/239784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/589523", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "931095C5-0533-4126-A574-9544C6F158BB", versionEndIncluding: "1.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.", }, { lang: "es", value: "FreeRADIUS anteriores a 1.0.1 permite a atacantes remotos causar una denegación de servicio (caída del servidor) enviando un atributo Ascend-Send-Secret sin el paquete de encabezado requerido.", }, ], id: "CVE-2004-0938", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2004-11-03T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.osvdb.org/10178", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11222", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.osvdb.org/10178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-17 18:15
Modified
2025-04-07 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://freeradius.org/security/ | Patch, Vendor Advisory | |
| secalert@redhat.com | https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://freeradius.org/security/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "6A19F4F3-C514-4FDC-B3A3-0E688BD43247", versionEndIncluding: "3.0.25", versionStartIncluding: "0.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.", }, { lang: "es", value: "En freeradius, cuando un solicitante de EAP-SIM envía una opción SIM desconocida, el servidor intentará buscar esa opción en los diccionarios internos. Esta búsqueda fallará, pero el código SIM no verificará ese error. En su lugar, eliminará la referencia a un puntero NULL y provocará que el servidor falle.", }, ], id: "CVE-2022-41860", lastModified: "2025-04-07T17:15:34.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-17T18:15:11.387", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.1 | |
| freeradius | freeradius | 2.0.2 | |
| freeradius | freeradius | 2.0.3 | |
| freeradius | freeradius | 2.0.4 | |
| freeradius | freeradius | 2.0.5 | |
| freeradius | freeradius | 2.1.0 | |
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 2.1.8 | |
| freeradius | freeradius | 2.1.9 | |
| freeradius | freeradius | 2.1.10 | |
| freeradius | freeradius | 2.1.11 | |
| freeradius | freeradius | 2.1.12 | |
| freeradius | freeradius | 2.2.0 | |
| freeradius | freeradius | 2.2.1 | |
| freeradius | freeradius | 2.2.2 | |
| freeradius | freeradius | 2.2.3 | |
| freeradius | freeradius | 2.2.4 | |
| freeradius | freeradius | 2.2.5 | |
| freeradius | freeradius | 2.2.6 | |
| freeradius | freeradius | 2.2.7 | |
| freeradius | freeradius | 2.2.8 | |
| freeradius | freeradius | 2.2.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1F041B7-4DDB-406E-8A89-D2DDABD4AF96", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*", matchCriteriaId: "5DA3BD5F-8CB9-4907-92C5-7A4E884CE1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*", matchCriteriaId: "3D7056CF-FF7C-4175-907A-A47984A82CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "2595550B-8820-471A-9D23-C40A848B73FE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "15D7F150-6B47-44B8-82A9-5E03AC83B05D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5600607D-209E-4A7B-AC82-657638232D13", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "C236E624-8DE0-46CD-A9F1-951D1CDD9F58", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "11403C9E-7217-43AF-9BF4-371FA2623C12", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "86A2EC8C-840A-4DB2-8038-7E0E2D704EA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-204 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una \"DHCP - Memory leak in fr_dhcp_decode()\" y una denegación de servicio.", }, ], id: "CVE-2017-10981", lastModified: "2024-11-21T03:06:52.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.273", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99898", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99898", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "01D07DE7-862C-46DB-94AD-50A74DED1581", versionEndExcluding: "2.2.10", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "AAEC9608-EA95-46FD-B370-A2A54821B7B8", versionEndExcluding: "3.0.15", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "21690BAC-2129-4A33-9B48-1F3BF30072A9", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-201 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite un \"Read / write overflow in make_secret()\" y una denegación de servicio.", }, ], id: "CVE-2017-10978", lastModified: "2024-11-21T03:06:52.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.180", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99893", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99893", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-08-04 02:45
Modified
2025-04-11 00:51
Severity ?
Summary
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.1.11 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.", }, { lang: "es", value: "La función ocsp_check de rlm_eap_tls.c de FreeRADIUS 2.1.11, si OCSP está habilitado, no analiza correctamente la sintaxis (\"parse\") de las respuestas de los agentes transmisores OCSP, lo que permite a atacantes remotos evitar la autenticación usando el protocolo EAP-TLS con un certificado cliente X.509 revocado.", }, ], id: "CVE-2011-2701", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-08-04T02:45:32.297", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45425", }, { source: "secalert@redhat.com", url: "http://securityreason.com/securityalert/8325", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1025833", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2011/07/15/6", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2011/07/18/2", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2011/07/20/9", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/518974/100/0/threaded", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/48880", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=724815", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782", }, { source: "secalert@redhat.com", url: "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45425", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/8325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1025833", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2011/07/15/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2011/07/18/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2011/07/20/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/518974/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/48880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=724815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-12-15 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "9F80EF7F-BDC2-4D5E-B878-3F0BA3959485", versionEndIncluding: "0.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.", }, { lang: "es", value: "rad_decode en FreeRADIUS 0.9.2 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) mediante una cadena de atributo RADIUS corta con una etiqueta, lo que hace se llame a memcpy con un argumento de longitud -1, como se ha demostrado usando el atributo \"Tunnel-Password\".", }, ], id: "CVE-2003-0967", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-12-15T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=106935911101493&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=106944220426970", }, { source: "cve@mitre.org", url: "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2003-386.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=106935911101493&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=106944220426970", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2003-386.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 | |
| freeradius | freeradius | 3.0.9 | |
| freeradius | freeradius | 3.0.10 | |
| freeradius | freeradius | 3.0.11 | |
| freeradius | freeradius | 3.0.12 | |
| freeradius | freeradius | 3.0.13 | |
| freeradius | freeradius | 3.0.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "76048BE7-ABC9-4177-A6A6-03CD267708A3", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "00F2F28A-E975-469F-8720-ACAD38230A70", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "D0D08EA5-E832-40D7-9530-079C400B050E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "FAFBD765-22E7-446B-B0E9-FCE7DDB1B90E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "C50B666B-B423-4182-BD9A-8893B66848AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-304 en FreeRADIUS versión 3.x anterior a 3.0.15, permite una \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" y una denegación de servicio.", }, ], id: "CVE-2017-10987", lastModified: "2024-11-21T03:06:53.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.460", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99970", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99970", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-04-13 18:19
Modified
2025-04-09 00:30
Severity ?
Summary
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "D9C422CB-4D04-43F5-A10C-CD5B216E6D28", versionEndIncluding: "1.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.", }, { lang: "es", value: "Filtración de memoria en freeRADIUS 1.1.5 y anteriores permite a atacantes remotos provocar denegación de servicio (consumo de memoria) a través de un gran número de conexiones de tunel de EAP-TTLS utilizando atributos de formato mal formado de Diameter, lo cual hace que la respuesta de validación sea rechazada pero no recupera la estructura de datos VALUE_PAIR.", }, ], id: "CVE-2007-2028", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-04-13T18:19:00.000", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2007-0338.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/24849", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/24907", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/24917", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/24996", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/25201", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/25220", }, { source: "secalert@redhat.com", url: "http://security.gentoo.org/glsa/glsa-200704-14.xml", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security.html", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2007_10_sr.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/23466", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1018042", }, { source: "secalert@redhat.com", url: "http://www.trustix.org/errata/2007/0013/", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2007/1369", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2007-0338.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24849", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24917", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24996", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/25201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/25220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200704-14.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2007_10_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/23466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1018042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trustix.org/errata/2007/0013/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/1369", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2024-11-21 02:39
Severity ?
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://freeradius.org/security.html#eap-pwd-2015 | Not Applicable | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/01/08/7 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://freeradius.org/security.html#eap-pwd-2015 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/08/7 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 3.0.0 | |
| freeradius | freeradius | 3.0.1 | |
| freeradius | freeradius | 3.0.2 | |
| freeradius | freeradius | 3.0.3 | |
| freeradius | freeradius | 3.0.4 | |
| freeradius | freeradius | 3.0.5 | |
| freeradius | freeradius | 3.0.6 | |
| freeradius | freeradius | 3.0.7 | |
| freeradius | freeradius | 3.0.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.", }, { lang: "es", value: "El módulo EAP-PWD en FreeRADIUS 3.0 hasta la versión 3.0.8 permite a atacantes remotos tener un impacto no especificado a través (1) commit o (2) confirmar mensaje, lo que desencadena una lectura fuera de límites.", }, ], id: "CVE-2015-8763", lastModified: "2024-11-21T02:39:07.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-27T17:59:00.320", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-12 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "45C6E852-B6B5-4598-84B0-8D55932928F8", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "5FFA82DC-988E-4351-B8AD-ACC4E73625F0", versionEndIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.1:*:*:*:*:*:*:*", matchCriteriaId: "EE9FC274-5453-4A3D-9FD4-55D2E0283D0B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", matchCriteriaId: "5AEDD86F-92B9-43EC-80E3-54010E249FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDB110B-4057-4BA4-993A-9DA14888A093", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*", matchCriteriaId: "52C8708B-4D1A-48A7-87DF-DF4B53E66D06", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*", matchCriteriaId: "0369C1A6-A0FE-4BF8-89F5-5ED384565DAC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.6:*:*:*:*:*:*:*", matchCriteriaId: "87DBE446-220E-4838-808D-AA67C0254051", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.7:*:*:*:*:*:*:*", matchCriteriaId: "E42DCF34-E0AE-4DAC-83EE-4A344768C673", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "EBBD2835-6588-44AC-B0FE-534855AF9537", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*", matchCriteriaId: "1638CC08-8886-4863-8532-883A8616592F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "0E4FD4F2-0449-4562-ABF2-927206CB77DD", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*", matchCriteriaId: "636F3F00-97A5-4497-A6A9-722AFC5BD689", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*", matchCriteriaId: "660E3D6D-414D-436D-B256-0B49E701F757", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "EECDFCD7-0189-4C59-842D-C5F9064033A0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "AD634946-ED9B-47EB-8D0F-88EA6057D17C", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "49152208-4DBD-4AF7-BCB3-3D56650899F7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "90AF846A-F239-4963-B260-7CB48334B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95ADE53-BFBE-4B06-A1BF-EF576D567554", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4C48FE12-68CB-462D-B75E-204894325F5D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "1321F1E7-4B14-4B16-91D0-AE9E9951D12A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "313EFEC5-1580-4ACE-BB9C-84E3714F2C37", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "E023DE32-302F-42CC-8C3A-68CFFB400609", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "EDE68525-9B4E-4444-BAD3-1F98BCF9C312", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "5B93BEF0-09C1-4DF8-8761-582DE975F306", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8ACE0558-F9FC-4B2C-96BD-7146D32A1637", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "4F927232-6275-497E-BF09-B4DCF19642C0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "F07F89D7-504B-4892-9840-A3FED5274F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*", matchCriteriaId: "7E1917D7-8E6B-4208-A632-CC2C25FEF1BC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*", matchCriteriaId: "2121418C-4710-447D-9582-F535EDD2BF36", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*", matchCriteriaId: "D5C0C0C3-970F-4936-BEBB-19FACF4E958B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.", }, { lang: "es", value: "modules/rlm_unix/rlm_unix.c en FreeRADIUS anterior a v2.2.0, cuando el modo unix está activado para la autenticación de usuarios, no valida adecuadamente la expiración de la contraseña en /etc/shadow, lo que permite a usuarios autenticados remotamente validarse mediante una contraseña caducada.", }, ], id: "CVE-2011-4966", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-12T23:55:01.337", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHBA-2012-0881.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0134.html", }, { source: "secalert@redhat.com", url: "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHBA-2012-0881.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0134.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-21 01:15
Modified
2024-11-21 04:31
Severity ?
Summary
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://freeradius.org/security/ | Vendor Advisory | |
| cve@mitre.org | https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://freeradius.org/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "02C9C42A-8038-4469-9745-5A19023A96ED", versionEndExcluding: "3.0.20", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.", }, { lang: "es", value: "En FreeRADIUS versiones 3.0.x anteriores a 3.0.20, el módulo EAP-pwd utilizó una instancia OpenSSL BN_CTX global para manejar todos los protocolos de enlace. Esto significa que varios subprocesos utilizan la misma instancia de BN_CTX simultáneamente, resultando en bloqueos cuando los protocolos de enlace EAP-pwd son iniciados. Esto puede ser abusado por un adversario como un ataque de Denegación de Servicio (DoS).", }, ], id: "CVE-2019-17185", lastModified: "2024-11-21T04:31:49.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-21T01:15:12.243", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-662", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 1.0.3 | |
| freeradius | freeradius | 1.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4C48FE12-68CB-462D-B75E-204894325F5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.", }, ], evaluatorSolution: "The vendor released version 1.1.1 to address this issue.", id: "CVE-2005-4745", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://www.debian.org/security/2006/dsa-1145", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security.html", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/19323", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/17294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/19323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/17294", }, ], sourceIdentifier: "secalert@redhat.com", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.", lastModified: "2006-08-30T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-09-09 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * | |
| freeradius | freeradius | 0.2 | |
| freeradius | freeradius | 0.3 | |
| freeradius | freeradius | 0.4 | |
| freeradius | freeradius | 0.5 | |
| freeradius | freeradius | 0.8 | |
| freeradius | freeradius | 0.8.1 | |
| freeradius | freeradius | 0.9 | |
| freeradius | freeradius | 0.9.1 | |
| freeradius | freeradius | 0.9.2 | |
| freeradius | freeradius | 0.9.3 | |
| freeradius | freeradius | 1.0.0 | |
| freeradius | freeradius | 1.0.1 | |
| freeradius | freeradius | 1.0.2 | |
| freeradius | freeradius | 1.0.3 | |
| freeradius | freeradius | 1.0.4 | |
| freeradius | freeradius | 1.0.5 | |
| freeradius | freeradius | 1.1.0 | |
| freeradius | freeradius | 1.1.3 | |
| freeradius | freeradius | 1.1.5 | |
| freeradius | freeradius | 1.1.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "F6D6F259-6145-48C9-A81B-5A331F43A76D", versionEndIncluding: "1.1.7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", matchCriteriaId: "5AEDD86F-92B9-43EC-80E3-54010E249FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDB110B-4057-4BA4-993A-9DA14888A093", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*", matchCriteriaId: "52C8708B-4D1A-48A7-87DF-DF4B53E66D06", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*", matchCriteriaId: "0369C1A6-A0FE-4BF8-89F5-5ED384565DAC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*", matchCriteriaId: "1638CC08-8886-4863-8532-883A8616592F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "0E4FD4F2-0449-4562-ABF2-927206CB77DD", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*", matchCriteriaId: "636F3F00-97A5-4497-A6A9-722AFC5BD689", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "EECDFCD7-0189-4C59-842D-C5F9064033A0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "AD634946-ED9B-47EB-8D0F-88EA6057D17C", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "49152208-4DBD-4AF7-BCB3-3D56650899F7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "90AF846A-F239-4963-B260-7CB48334B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95ADE53-BFBE-4B06-A1BF-EF576D567554", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4C48FE12-68CB-462D-B75E-204894325F5D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "1321F1E7-4B14-4B16-91D0-AE9E9951D12A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "313EFEC5-1580-4ACE-BB9C-84E3714F2C37", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "5B93BEF0-09C1-4DF8-8761-582DE975F306", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*", matchCriteriaId: "4F927232-6275-497E-BF09-B4DCF19642C0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*", matchCriteriaId: "F07F89D7-504B-4892-9840-A3FED5274F5A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.", }, { lang: "es", value: "La función rad_decode FreeRADIUS anterior a v1.1.8, permite a atacantes remotos provocar una denegación de servicio (caída de radiusd) a través de los atributos zero-length Tunnel-Password. NOTA: esto es una regresión al error relacionado con el CVE-2003-0967.", }, ], id: "CVE-2009-3111", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-09-09T18:30:00.860", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", }, { source: "cve@mitre.org", url: "http://intevydis.com/vd-list.shtml", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/36509", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3937", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2009/09/09/1", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2009-1451.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/36263", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/3184", }, { source: "cve@mitre.org", url: "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://intevydis.com/vd-list.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/36509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2009/09/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2009-1451.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/36263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/3184", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 0.2 | |
| freeradius | freeradius | 0.3 | |
| freeradius | freeradius | 0.4 | |
| freeradius | freeradius | 0.5 | |
| freeradius | freeradius | 0.8 | |
| freeradius | freeradius | 0.8.1 | |
| freeradius | freeradius | 0.9 | |
| freeradius | freeradius | 0.9.1 | |
| freeradius | freeradius | 0.9.2 | |
| freeradius | freeradius | 0.9.3 | |
| freeradius | freeradius | 1.0.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | fedora_core | core_2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", matchCriteriaId: "5AEDD86F-92B9-43EC-80E3-54010E249FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDB110B-4057-4BA4-993A-9DA14888A093", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*", matchCriteriaId: "52C8708B-4D1A-48A7-87DF-DF4B53E66D06", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*", matchCriteriaId: "0369C1A6-A0FE-4BF8-89F5-5ED384565DAC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*", matchCriteriaId: "1638CC08-8886-4863-8532-883A8616592F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "0E4FD4F2-0449-4562-ABF2-927206CB77DD", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*", matchCriteriaId: "636F3F00-97A5-4497-A6A9-722AFC5BD689", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "EECDFCD7-0189-4C59-842D-C5F9064033A0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "AD634946-ED9B-47EB-8D0F-88EA6057D17C", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "49152208-4DBD-4AF7-BCB3-3D56650899F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", matchCriteriaId: "E6996B14-925B-46B8-982F-3545328B506B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.", }, ], id: "CVE-2004-0960", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-02-09T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11222", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 0.2 | |
| freeradius | freeradius | 0.3 | |
| freeradius | freeradius | 0.4 | |
| freeradius | freeradius | 0.5 | |
| freeradius | freeradius | 0.8 | |
| freeradius | freeradius | 0.8.1 | |
| freeradius | freeradius | 0.9 | |
| freeradius | freeradius | 0.9.1 | |
| freeradius | freeradius | 0.9.2 | |
| freeradius | freeradius | 0.9.3 | |
| freeradius | freeradius | 1.0.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | fedora_core | core_2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", matchCriteriaId: "5AEDD86F-92B9-43EC-80E3-54010E249FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDB110B-4057-4BA4-993A-9DA14888A093", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*", matchCriteriaId: "52C8708B-4D1A-48A7-87DF-DF4B53E66D06", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*", matchCriteriaId: "0369C1A6-A0FE-4BF8-89F5-5ED384565DAC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*", matchCriteriaId: "1638CC08-8886-4863-8532-883A8616592F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*", matchCriteriaId: "0E4FD4F2-0449-4562-ABF2-927206CB77DD", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*", matchCriteriaId: "636F3F00-97A5-4497-A6A9-722AFC5BD689", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "EECDFCD7-0189-4C59-842D-C5F9064033A0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "1D3EC2A3-5FB6-4D39-B1EA-C8E17AF1F0B2", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "AD634946-ED9B-47EB-8D0F-88EA6057D17C", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "49152208-4DBD-4AF7-BCB3-3D56650899F7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", matchCriteriaId: "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", matchCriteriaId: "EC79FF22-2664-4C40-B0B3-6D23B5F45162", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", matchCriteriaId: "E6996B14-925B-46B8-982F-3545328B506B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.", }, ], id: "CVE-2004-0961", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-02-09T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11222", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/11222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-03-04 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*", matchCriteriaId: "5AEDD86F-92B9-43EC-80E3-54010E249FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*", matchCriteriaId: "BFDB110B-4057-4BA4-993A-9DA14888A093", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.92.1:*:*:*:*:*:*:*", matchCriteriaId: "F5B0DFDC-913E-4358-9BF1-6AA1F871CB4B", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.93:*:*:*:*:*:*:*", matchCriteriaId: "F332DA97-B327-45E0-8948-18C2C7278757", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.94:*:*:*:*:*:*:*", matchCriteriaId: "67632403-328E-4149-B0EC-2B563DDD7FD8", vulnerable: true, }, { criteria: "cpe:2.3:a:gnu:radius:0.95:*:*:*:*:*:*:*", matchCriteriaId: "0F6945F8-EB40-4205-9585-3BF9A132406E", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.14:*:*:*:*:*:*:*", matchCriteriaId: "2A28A174-45A4-4886-8C87-2D475F9ABF18", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.15:*:*:*:*:*:*:*", matchCriteriaId: "A949E3FF-5360-4FC1-95E5-AB5080156D77", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.16:*:*:*:*:*:*:*", matchCriteriaId: "D000F534-1BF0-40A8-BD2B-9EBAF71D6FA3", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.17:*:*:*:*:*:*:*", matchCriteriaId: "15253C62-0FCC-4699-9CC5-486F23CDD1E7", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.17b:*:*:*:*:*:*:*", matchCriteriaId: "D01B8A1D-A4EC-4B92-A9EC-BECB35185ECC", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.18:*:*:*:*:*:*:*", matchCriteriaId: "10DD81E4-732C-4F23-80A7-987FCC0511D3", vulnerable: true, }, { criteria: "cpe:2.3:a:icradius:icradius:0.18.1:*:*:*:*:*:*:*", matchCriteriaId: "28A5F502-7DA3-44E2-AEFB-6D1FD7121F7C", vulnerable: true, }, { criteria: "cpe:2.3:a:livingston:radius:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8C2894BE-AE8B-491C-A776-5D2821D4DFB4", vulnerable: true, }, { criteria: "cpe:2.3:a:livingston:radius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "92CD1A39-33F6-47C3-8899-286C07C9C219", vulnerable: true, }, { criteria: "cpe:2.3:a:livingston:radius:2.1:*:*:*:*:*:*:*", matchCriteriaId: "E3133364-7726-4BFA-A552-03533F762161", vulnerable: true, }, { criteria: "cpe:2.3:a:lucent:radius:2.0:*:*:*:*:*:*:*", matchCriteriaId: "96927B69-BA71-460B-8A59-CF3FC93C9661", vulnerable: true, }, { criteria: "cpe:2.3:a:lucent:radius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "056AD200-84E8-4B99-863F-C1D61A6B4C7F", vulnerable: true, }, { criteria: "cpe:2.3:a:lucent:radius:2.1:*:*:*:*:*:*:*", matchCriteriaId: "6FCE2BA9-35E0-410A-B9CC-C77C9D95338E", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "4999A95F-9124-4585-B78C-34B8CDA87250", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "28DC815B-6648-4C3A-A66C-264EE6903CE7", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.3:*:*:*:*:*:*:*", matchCriteriaId: "627CD710-183C-433B-9CC6-804C8A726FE4", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.4:*:*:*:*:*:*:*", matchCriteriaId: "FA442BB3-4DAE-402C-8F3C-DFCA4C3EE63A", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6.5:*:*:*:*:*:*:*", matchCriteriaId: "DE605C8B-316E-4C04-B5D1-97A0E2719DBB", vulnerable: true, }, { criteria: "cpe:2.3:a:miquel_van_smoorenburg_cistron:radius:1.6_.0:*:*:*:*:*:*:*", matchCriteriaId: "13CF26C7-90DB-46FB-AE08-936FF7C324F9", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.8:*:*:*:*:*:*:*", matchCriteriaId: "15B965F5-E32D-4824-9A4B-0A2507CD167E", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9:*:*:*:*:*:*:*", matchCriteriaId: "C211927E-DE7F-450F-918B-DC3EAF6C5743", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9.1:*:*:*:*:*:*:*", matchCriteriaId: "6A74F1BA-3E1A-4073-A290-C086B6388F75", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9.2:*:*:*:*:*:*:*", matchCriteriaId: "CDDB28FF-D0B4-45A4-A2E7-C56B4D660204", vulnerable: true, }, { criteria: "cpe:2.3:a:openradius:openradius:0.9.3:*:*:*:*:*:*:*", matchCriteriaId: "5263133F-0C92-4C16-B933-71AEAE9C33BC", vulnerable: true, }, { criteria: "cpe:2.3:a:radiusclient:radiusclient:0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "ACE414B4-5E23-4DE9-AD86-8FE51CCE723B", vulnerable: true, }, { criteria: "cpe:2.3:a:xtradius:xtradius:1.1_pre1:*:*:*:*:*:*:*", matchCriteriaId: "F6713B65-D941-4DCE-AA63-FE0B408E575B", vulnerable: true, }, { criteria: "cpe:2.3:a:xtradius:xtradius:1.1_pre2:*:*:*:*:*:*:*", matchCriteriaId: "43B671B4-7B26-4F43-A477-1EE7F1E74245", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "7326E7C2-F310-4820-A36D-C7045E6ED721", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "C37D50E1-E8E1-4D07-93D2-D8DEE13872D9", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0.19:*:*:*:*:*:*:*", matchCriteriaId: "792AB6F5-0916-482B-A868-BC41B7A6EFE1", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0_pre13:*:*:*:*:*:*:*", matchCriteriaId: "F4A295E4-7D6D-4906-84D4-BB80AF58422E", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0_pre14:*:*:*:*:*:*:*", matchCriteriaId: "9A1FEC14-198C-46D1-8F96-9D91B9733A55", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius:yard_radius:1.0_pre15:*:*:*:*:*:*:*", matchCriteriaId: "DB2830F3-FB3A-4833-9027-B4933BA813ED", vulnerable: true, }, { criteria: "cpe:2.3:a:yard_radius_project:yard_radius:1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "95CC863F-9448-4692-AB9C-BA218D2313CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.", }, ], id: "CVE-2001-1377", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-03-04T05:00:00.000", references: [ { source: "cve@mitre.org", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { source: "cve@mitre.org", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/8354.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/936683", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/8354.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/936683", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/4230", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "45C6E852-B6B5-4598-84B0-8D55932928F8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.", }, ], id: "CVE-2002-0318", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2002-06-25T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=101440113410083&w=2", }, { source: "cve@mitre.org", url: "http://www.iss.net/security_center/static/9968.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=101440113410083&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.iss.net/security_center/static/9968.php", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.0 | |
| freeradius | freeradius | 2.0.1 | |
| freeradius | freeradius | 2.0.2 | |
| freeradius | freeradius | 2.0.3 | |
| freeradius | freeradius | 2.0.4 | |
| freeradius | freeradius | 2.0.5 | |
| freeradius | freeradius | 2.1.0 | |
| freeradius | freeradius | 2.1.1 | |
| freeradius | freeradius | 2.1.2 | |
| freeradius | freeradius | 2.1.3 | |
| freeradius | freeradius | 2.1.4 | |
| freeradius | freeradius | 2.1.6 | |
| freeradius | freeradius | 2.1.7 | |
| freeradius | freeradius | 2.1.8 | |
| freeradius | freeradius | 2.1.9 | |
| freeradius | freeradius | 2.1.10 | |
| freeradius | freeradius | 2.1.11 | |
| freeradius | freeradius | 2.1.12 | |
| freeradius | freeradius | 2.2.0 | |
| freeradius | freeradius | 2.2.1 | |
| freeradius | freeradius | 2.2.2 | |
| freeradius | freeradius | 2.2.3 | |
| freeradius | freeradius | 2.2.4 | |
| freeradius | freeradius | 2.2.5 | |
| freeradius | freeradius | 2.2.6 | |
| freeradius | freeradius | 2.2.7 | |
| freeradius | freeradius | 2.2.8 | |
| freeradius | freeradius | 2.2.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1F041B7-4DDB-406E-8A89-D2DDABD4AF96", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*", matchCriteriaId: "5DA3BD5F-8CB9-4907-92C5-7A4E884CE1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*", matchCriteriaId: "3D7056CF-FF7C-4175-907A-A47984A82CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "2595550B-8820-471A-9D23-C40A848B73FE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "15D7F150-6B47-44B8-82A9-5E03AC83B05D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5600607D-209E-4A7B-AC82-657638232D13", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "C236E624-8DE0-46CD-A9F1-951D1CDD9F58", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "11403C9E-7217-43AF-9BF4-371FA2623C12", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "86A2EC8C-840A-4DB2-8038-7E0E2D704EA5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-203 en FreeRADIUS versión 2.x anterior a 2.2.10, permite una \"DHCP - Memory leak in decode_tlv()\" y una denegación de servicio.", }, ], id: "CVE-2017-10980", lastModified: "2024-11-21T03:06:52.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.243", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99905", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99905", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B1F041B7-4DDB-406E-8A89-D2DDABD4AF96", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*", matchCriteriaId: "5DA3BD5F-8CB9-4907-92C5-7A4E884CE1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*", matchCriteriaId: "3D7056CF-FF7C-4175-907A-A47984A82CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9C4A43D5-03CA-4AAA-98A8-4EC86EC3EACB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8DDB64CF-D48E-4E3E-A1E8-B6AE330A6C99", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "25BF923C-F7CD-4232-8613-B1F09C7B9A35", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6A113B67-B9B6-421C-9EC9-E1FB462A4214", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6518E4DA-9531-4135-8462-A9E3BDD7AE38", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B92B1F7-8139-4D5A-9461-0C7314BCCBC5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5CAEB64-0676-4C18-8255-DACDA612188E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "17F7A434-49DC-4005-9161-F2B49559621F", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "7A54D59A-B832-4EE3-A8D6-A85EC17C268A", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D494932F-F639-44BE-B15C-7F07A67B0502", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "D2D45784-C53B-4A11-B1B3-BC68B514002D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "E969979B-2852-453D-AF48-A462448D4C62", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*", matchCriteriaId: "0E56E3E2-9142-47F5-B53E-61ACE4FA9A90", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*", matchCriteriaId: "CE0CFEA6-1AC0-41AA-BEF0-16FE1A933758", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*", matchCriteriaId: "C593C44B-CB2B-4C38-A44D-BA1BC9BF3CDB", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*", matchCriteriaId: "908DA549-0EE5-4B85-961F-1C67210F6AED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*", matchCriteriaId: "91FBBBC1-7106-4DA1-BBCF-9D776BB082ED", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0B421C2D-290B-4439-BED6-4C0AEBAF484B", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09685697-9D74-4ECA-ACB0-DF08A1442DF0", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4D536C78-5619-4B01-A838-EB348B6D947E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "9C3482E5-E818-40CE-A061-4469F3CAC702", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "2595550B-8820-471A-9D23-C40A848B73FE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "15D7F150-6B47-44B8-82A9-5E03AC83B05D", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5600607D-209E-4A7B-AC82-657638232D13", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "C236E624-8DE0-46CD-A9F1-951D1CDD9F58", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "11403C9E-7217-43AF-9BF4-371FA2623C12", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*", matchCriteriaId: "86A2EC8C-840A-4DB2-8038-7E0E2D704EA5", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "388D7673-6BA7-4113-86E1-00F9A60C8796", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7B5B5D50-C251-4569-9D2C-49FB64702646", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A693BD6B-BCFF-461B-B71D-4E6F7A614979", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E1D867F-7147-4C97-927B-C10404CC2985", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6BD8346B-8A41-43DF-9AFE-06E3546B6AC9", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "4C30EB50-6BCD-44E4-906A-618ACCF627DC", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8C129A8-59C9-4780-8454-4EB112DF0B40", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "13C228DD-0EB3-4348-8D7A-D17A59E92013", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "2400422C-8E52-4946-BE83-AA7167F0F703", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E1841E98-2B17-4DFC-B03F-4E4537D8A6A7", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "76048BE7-ABC9-4177-A6A6-03CD267708A3", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "00F2F28A-E975-469F-8720-ACAD38230A70", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "D0D08EA5-E832-40D7-9530-079C400B050E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "FAFBD765-22E7-446B-B0E9-FCE7DDB1B90E", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "C50B666B-B423-4182-BD9A-8893B66848AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.", }, { lang: "es", value: "Un problema FR-GV-206 en FreeRADIUS versión 2.x anterior a 2.2.10 y versión 3.x anterior a 3.0.15, permite una \"DHCP - Read overflow when decoding option 63\" y una denegación de servicio.", }, ], id: "CVE-2017-10983", lastModified: "2024-11-21T03:06:53.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T17:29:00.337", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/99915", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2017/dsa-3930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/99915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 1.0.3 | |
| freeradius | freeradius | 1.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4C48FE12-68CB-462D-B75E-204894325F5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.", }, ], evaluatorComment: "The vendor has released version 1.0.5 of FreeRADIUS to address these issues.", id: "CVE-2005-4744", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "secalert@redhat.com", url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16712", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19497", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19518", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/19811", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/20461", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2006/dsa-1089", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security/20050909-response-to-suse.txt", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security/20050909-vendor-sec.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/14775", }, { source: "secalert@redhat.com", url: "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22211", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19518", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/19811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/20461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security/20050909-response-to-suse.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security/20050909-vendor-sec.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/14775", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 1.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95ADE53-BFBE-4B06-A1BF-EF576D567554", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).", }, ], id: "CVE-2005-1455", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-19T04:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/13541", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/13541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-17 18:15
Modified
2025-04-07 17:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://freeradius.org/security/ | Patch, Vendor Advisory | |
| secalert@redhat.com | https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://freeradius.org/security/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", matchCriteriaId: "904C69B2-4BA4-47FB-8B0D-0780AE90ADA4", versionEndIncluding: "3.0.25", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.", }, { lang: "es", value: "Se encontró un defecto en freeradius. Un cliente RADIUS o un servidor doméstico malicioso puede enviar un atributo binario con formato incorrecto que puede provocar que el servidor falle.", }, ], id: "CVE-2022-41861", lastModified: "2025-04-07T17:15:34.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-17T18:15:11.480", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://freeradius.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| freeradius | freeradius | 1.0.3 | |
| freeradius | freeradius | 1.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3F03F8FE-80BA-41A3-85CE-FFB6A18E6DCE", vulnerable: true, }, { criteria: "cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4C48FE12-68CB-462D-B75E-204894325F5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors \"while expanding %t\".", }, ], id: "CVE-2005-4746", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "secalert@redhat.com", url: "http://www.debian.org/security/2006/dsa-1145", }, { source: "secalert@redhat.com", url: "http://www.freeradius.org/security.html", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:066", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/19324", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/19325", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/17293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2006/dsa-1145", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.freeradius.org/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/19324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/19325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/17293", }, ], sourceIdentifier: "secalert@redhat.com", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.", lastModified: "2006-08-30T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2011-2701
Vulnerability from cvelistv5
Published
2011-08-04 01:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/48880 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68782 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2011/07/15/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/07/18/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/45425 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/518974/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html | x_refsource_MISC | |
| http://securityreason.com/securityalert/8325 | third-party-advisory, x_refsource_SREASON | |
| http://securitytracker.com/id?1025833 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.redhat.com/show_bug.cgi?id=724815 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2011/07/20/9 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:08:23.745Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "48880", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/48880", }, { name: "freeradius-certificate-security-bypass(68782)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782", }, { name: "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/15/6", }, { name: "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/18/2", }, { name: "45425", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45425", }, { name: "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/518974/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html", }, { name: "8325", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/8325", }, { name: "1025833", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1025833", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=724815", }, { name: "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-07-15T00:00:00", descriptions: [ { lang: "en", value: "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "48880", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/48880", }, { name: "freeradius-certificate-security-bypass(68782)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782", }, { name: "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/15/6", }, { name: "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/18/2", }, { name: "45425", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45425", }, { name: "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/518974/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html", }, { name: "8325", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/8325", }, { name: "1025833", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1025833", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=724815", }, { name: "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2011-2701", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "48880", refsource: "BID", url: "http://www.securityfocus.com/bid/48880", }, { name: "freeradius-certificate-security-bypass(68782)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782", }, { name: "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2011/07/15/6", }, { name: "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2011/07/18/2", }, { name: "45425", refsource: "SECUNIA", url: "http://secunia.com/advisories/45425", }, { name: "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/518974/100/0/threaded", }, { name: "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html", refsource: "MISC", url: "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html", }, { name: "8325", refsource: "SREASON", url: "http://securityreason.com/securityalert/8325", }, { name: "1025833", refsource: "SECTRACK", url: "http://securitytracker.com/id?1025833", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=724815", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=724815", }, { name: "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2011/07/20/9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-2701", datePublished: "2011-08-04T01:00:00", dateReserved: "2011-07-11T00:00:00", dateUpdated: "2024-08-06T23:08:23.745Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1376
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisory, x_refsource_REDHAT | |
| http://online.securityfocus.com/archive/1/239784 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7534 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/589523 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/3530 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:51:08.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2002:030", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { name: "20011113 More problems with RADIUS (protocol and implementations)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://online.securityfocus.com/archive/1/239784", }, { name: "radius-message-digest-bo(7534)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534", }, { name: "VU#589523", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/589523", }, { name: "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { name: "SuSE-SA:2002:013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { name: "3530", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3530", }, { name: "CLA-2002:466", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { name: "CA-2002-06", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-11-13T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2002:030", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { name: "20011113 More problems with RADIUS (protocol and implementations)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://online.securityfocus.com/archive/1/239784", }, { name: "radius-message-digest-bo(7534)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534", }, { name: "VU#589523", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/589523", }, { name: "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { name: "SuSE-SA:2002:013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { name: "3530", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3530", }, { name: "CLA-2002:466", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { name: "CA-2002-06", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1376", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2002:030", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { name: "20011113 More problems with RADIUS (protocol and implementations)", refsource: "BUGTRAQ", url: "http://online.securityfocus.com/archive/1/239784", }, { name: "radius-message-digest-bo(7534)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534", }, { name: "VU#589523", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/589523", }, { name: "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { name: "SuSE-SA:2002:013", refsource: "SUSE", url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { name: "3530", refsource: "BID", url: "http://www.securityfocus.com/bid/3530", }, { name: "CLA-2002:466", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { name: "CA-2002-06", refsource: "CERT", url: "http://www.cert.org/advisories/CA-2002-06.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1376", datePublished: "2002-06-11T04:00:00", dateReserved: "2002-06-11T00:00:00", dateUpdated: "2024-08-08T04:51:08.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0961
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200409-29.xml | vendor-advisory, x_refsource_GENTOO | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/11222 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/541574 | third-party-advisory, x_refsource_CERT-VN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.195Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-200409-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "oval:org.mitre.oval:def:10024", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024", }, { name: "11222", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/541574", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-20T00:00:00", descriptions: [ { lang: "en", value: "Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-200409-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "oval:org.mitre.oval:def:10024", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024", }, { name: "11222", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/541574", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0961", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-200409-29", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "oval:org.mitre.oval:def:10024", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024", }, { name: "11222", refsource: "BID", url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/541574", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0961", datePublished: "2004-10-20T04:00:00", dateReserved: "2004-10-18T00:00:00", dateUpdated: "2024-08-08T00:31:48.195Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10981
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99898 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:57.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99898", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99898", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99898", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99898", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10981", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038914", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99898", refsource: "BID", url: "http://www.securityfocus.com/bid/99898", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10981", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:57.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0967
Vulnerability from cvelistv5
Published
2003-12-02 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106935911101493&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=freeradius-users&m=106947389449613&w=2 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2003-386.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917 | vdb-entry, signature, x_refsource_OVAL | |
| http://marc.info/?l=bugtraq&m=106944220426970 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:12:34.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20031120 Remote DoS in FreeRADIUS, all versions.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=106935911101493&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", }, { name: "RHSA-2003:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2003-386.html", }, { name: "oval:org.mitre.oval:def:10917", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917", }, { name: "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=106944220426970", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-11-21T00:00:00", descriptions: [ { lang: "en", value: "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20031120 Remote DoS in FreeRADIUS, all versions.", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=106935911101493&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", }, { name: "RHSA-2003:386", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2003-386.html", }, { name: "oval:org.mitre.oval:def:10917", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917", }, { name: "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=106944220426970", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0967", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20031120 Remote DoS in FreeRADIUS, all versions.", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=106935911101493&w=2", }, { name: "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", refsource: "CONFIRM", url: "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", }, { name: "RHSA-2003:386", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2003-386.html", }, { name: "oval:org.mitre.oval:def:10917", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917", }, { name: "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=106944220426970", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0967", datePublished: "2003-12-02T05:00:00", dateReserved: "2003-11-26T00:00:00", dateUpdated: "2024-08-08T02:12:34.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11235
Vulnerability from cvelistv5
Published
2019-04-21 16:40
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 | x_refsource_MISC | |
| https://papers.mathyvanhoef.com/dragonblood.pdf | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/871675/ | x_refsource_MISC | |
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1695748 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3954-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2019:1131 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1142 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:48:08.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695748", }, { name: "USN-3954-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3954-1/", }, { name: "openSUSE-SU-2019:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { name: "RHSA-2019:1131", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { name: "RHSA-2019:1142", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { name: "openSUSE-SU-2019:1394", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { name: "openSUSE-SU-2020:0542", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T15:06:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { tags: [ "x_refsource_MISC", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, { tags: [ "x_refsource_MISC", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695748", }, { name: "USN-3954-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3954-1/", }, { name: "openSUSE-SU-2019:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { name: "RHSA-2019:1131", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { name: "RHSA-2019:1142", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { name: "openSUSE-SU-2019:1394", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { name: "openSUSE-SU-2020:0542", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-11235", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", refsource: "MISC", url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { name: "https://papers.mathyvanhoef.com/dragonblood.pdf", refsource: "MISC", url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { name: "https://www.kb.cert.org/vuls/id/871675/", refsource: "MISC", url: "https://www.kb.cert.org/vuls/id/871675/", }, { name: "https://freeradius.org/security/", refsource: "MISC", url: "https://freeradius.org/security/", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1695748", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695748", }, { name: "USN-3954-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3954-1/", }, { name: "openSUSE-SU-2019:1346", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { name: "RHSA-2019:1131", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { name: "RHSA-2019:1142", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { name: "openSUSE-SU-2019:1394", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { name: "openSUSE-SU-2020:0542", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11235", datePublished: "2019-04-21T16:40:32", dateReserved: "2019-04-15T00:00:00", dateUpdated: "2024-08-04T22:48:08.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-0968
Vulnerability from cvelistv5
Published
2003-12-02 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106986437621130&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:12:35.688Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=106986437621130&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-11-26T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=106986437621130&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0968", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=106986437621130&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0968", datePublished: "2003-12-02T05:00:00", dateReserved: "2003-11-26T00:00:00", dateUpdated: "2024-08-08T02:12:35.688Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4966
Vulnerability from cvelistv5
Published
2013-03-12 22:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0134.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHBA-2012-0881.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html | vendor-advisory, x_refsource_SUSE | |
| https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:23:39.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0134", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0134.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHBA-2012-0881.html", }, { name: "openSUSE-SU-2013:0137", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html", }, { name: "openSUSE-SU-2013:0191", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-12T22:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0134", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0134.html", }, { tags: [ "x_refsource_MISC", ], url: "http://rhn.redhat.com/errata/RHBA-2012-0881.html", }, { name: "openSUSE-SU-2013:0137", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html", }, { name: "openSUSE-SU-2013:0191", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4966", datePublished: "2013-03-12T22:00:00Z", dateReserved: "2011-12-23T00:00:00Z", dateUpdated: "2024-08-07T00:23:39.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-4474
Vulnerability from cvelistv5
Published
2008-10-07 21:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33151 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32170 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-list, x_refsource_MLIST | |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM | |
| http://uvw.ru/report.lenny.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/30901 | vdb-entry, x_refsource_BID | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.debian.org/debian-devel/2008/08/msg00271.html | mailing-list, x_refsource_MLIST | |
| http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:17:09.750Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "33151", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33151", }, { name: "32170", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32170", }, { name: "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/10/30/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=235770", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://uvw.ru/report.lenny.txt", }, { name: "30901", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30901", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", }, { name: "SUSE-SR:2008:028", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html", }, { name: "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.debian.org/debian-devel/2008/08/msg00271.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-12T00:00:00", descriptions: [ { lang: "en", value: "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2008-11-11T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "33151", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33151", }, { name: "32170", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32170", }, { name: "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/10/30/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=235770", }, { tags: [ "x_refsource_MISC", ], url: "http://uvw.ru/report.lenny.txt", }, { name: "30901", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30901", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", }, { name: "SUSE-SR:2008:028", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html", }, { name: "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.debian.org/debian-devel/2008/08/msg00271.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-4474", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "33151", refsource: "SECUNIA", url: "http://secunia.com/advisories/33151", }, { name: "32170", refsource: "SECUNIA", url: "http://secunia.com/advisories/32170", }, { name: "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/10/30/2", }, { name: "https://bugs.gentoo.org/show_bug.cgi?id=235770", refsource: "CONFIRM", url: "https://bugs.gentoo.org/show_bug.cgi?id=235770", }, { name: "http://uvw.ru/report.lenny.txt", refsource: "MISC", url: "http://uvw.ru/report.lenny.txt", }, { name: "30901", refsource: "BID", url: "http://www.securityfocus.com/bid/30901", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389", }, { name: "SUSE-SR:2008:028", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html", }, { name: "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", refsource: "MLIST", url: "http://lists.debian.org/debian-devel/2008/08/msg00271.html", }, { name: "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", refsource: "CONFIRM", url: "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-4474", datePublished: "2008-10-07T21:00:00", dateReserved: "2008-10-07T00:00:00", dateUpdated: "2024-08-07T10:17:09.750Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-4680
Vulnerability from cvelistv5
Published
2017-04-05 17:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535810/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/75327 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1234975 | x_refsource_CONFIRM | |
| http://www.ocert.org/advisories/ocert-2015-008.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1032690 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:18:12.227Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html", }, { name: "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/535810/100/0/threaded", }, { name: "75327", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75327", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1234975", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2015-008.html", }, { name: "1032690", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032690", }, { name: "SUSE-SU-2017:0102", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-06-22T00:00:00", descriptions: [ { lang: "en", value: "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html", }, { name: "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/535810/100/0/threaded", }, { name: "75327", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75327", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1234975", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2015-008.html", }, { name: "1032690", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032690", }, { name: "SUSE-SU-2017:0102", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-4680", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html", }, { name: "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/535810/100/0/threaded", }, { name: "75327", refsource: "BID", url: "http://www.securityfocus.com/bid/75327", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1234975", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1234975", }, { name: "http://www.ocert.org/advisories/ocert-2015-008.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2015-008.html", }, { name: "1032690", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032690", }, { name: "SUSE-SU-2017:0102", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-4680", datePublished: "2017-04-05T17:00:00", dateReserved: "2015-06-19T00:00:00", dateUpdated: "2024-08-06T06:18:12.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1454
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_14_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/13540 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/alerts/2005/May/1013909.html | vdb-entry, x_refsource_SECTRACK | |
| http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html | mailing-list, x_refsource_FULLDISC | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2005-524.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20449 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:51:50.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2005:014", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { name: "13540", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13540", }, { name: "oval:org.mitre.oval:def:9610", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610", }, { name: "1013909", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { name: "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "GLSA-200505-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { name: "RHSA-2005:524", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { name: "freeradius-xlat-sql-injection(20449)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20449", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-06T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SR:2005:014", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { name: "13540", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13540", }, { name: "oval:org.mitre.oval:def:9610", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610", }, { name: "1013909", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { name: "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security.html", }, { name: "GLSA-200505-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { name: "RHSA-2005:524", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { name: "freeradius-xlat-sql-injection(20449)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20449", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1454", datePublished: "2005-05-19T04:00:00", dateReserved: "2005-05-05T00:00:00", dateUpdated: "2024-08-07T21:51:50.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4744
Vulnerability from cvelistv5
Published
2006-03-28 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:53:29.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20060404-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { name: "14775", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14775", }, { name: "20461", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/20461", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security/20050909-response-to-suse.txt", }, { name: "19811", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19811", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.freeradius.org/security/20050909-vendor-sec.txt", }, { name: "MDKSA-2006:066", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066", }, { name: "oval:org.mitre.oval:def:10449", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449", }, { name: "DSA-1089", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1089", }, { name: "19497", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19497", }, { name: "16712", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16712", }, { name: "RHSA-2006:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { name: "freeradius-token-sqlunixodbc-dos(22211)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22211", }, { name: "19518", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19518", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-09-09T00:00:00", descriptions: [ { lang: "en", value: "Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "20060404-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { name: "14775", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14775", }, { name: "20461", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/20461", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security/20050909-response-to-suse.txt", }, { name: "19811", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19811", }, { tags: [ "x_refsource_MISC", ], url: "http://www.freeradius.org/security/20050909-vendor-sec.txt", }, { name: "MDKSA-2006:066", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066", }, { name: "oval:org.mitre.oval:def:10449", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449", }, { name: "DSA-1089", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1089", }, { name: "19497", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19497", }, { name: "16712", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16712", }, { name: "RHSA-2006:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { name: "freeradius-token-sqlunixodbc-dos(22211)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/22211", }, { name: "19518", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19518", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-4744", datePublished: "2006-03-28T11:00:00", dateReserved: "2006-03-28T00:00:00", dateUpdated: "2024-08-07T23:53:29.082Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2006-1354
Vulnerability from cvelistv5
Published
2006-03-22 02:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T17:12:20.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-200604-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml", }, { name: "20060404-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", "x_transferred", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { name: "freeradius-eap-mschapv2-auth-bypass(25352)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352", }, { name: "19300", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19300", }, { name: "SUSE-SA:2006:019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html", }, { name: "17171", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/17171", }, { name: "20461", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/20461", }, { name: "19405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19405", }, { name: "19811", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19811", }, { name: "ADV-2006-1016", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2006/1016", }, { name: "oval:org.mitre.oval:def:10156", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "DSA-1089", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1089", }, { name: "1015795", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015795", }, { name: "RHSA-2006:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { name: "19527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19527", }, { name: "2006-0020", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2006/0020", }, { name: "MDKSA-2006:060", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060", }, { name: "19518", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/19518", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-03-21T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via \"Insufficient input validation\" in the EAP-MSCHAPv2 state machine module.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-200604-03", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml", }, { name: "20060404-01-U", tags: [ "vendor-advisory", "x_refsource_SGI", ], url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { name: "freeradius-eap-mschapv2-auth-bypass(25352)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352", }, { name: "19300", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19300", }, { name: "SUSE-SA:2006:019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html", }, { name: "17171", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/17171", }, { name: "20461", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/20461", }, { name: "19405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19405", }, { name: "19811", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19811", }, { name: "ADV-2006-1016", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2006/1016", }, { name: "oval:org.mitre.oval:def:10156", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security.html", }, { name: "DSA-1089", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1089", }, { name: "1015795", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015795", }, { name: "RHSA-2006:0271", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { name: "19527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19527", }, { name: "2006-0020", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2006/0020", }, { name: "MDKSA-2006:060", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060", }, { name: "19518", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/19518", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-1354", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via \"Insufficient input validation\" in the EAP-MSCHAPv2 state machine module.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-200604-03", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml", }, { name: "20060404-01-U", refsource: "SGI", url: "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc", }, { name: "freeradius-eap-mschapv2-auth-bypass(25352)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352", }, { name: "19300", refsource: "SECUNIA", url: "http://secunia.com/advisories/19300", }, { name: "SUSE-SA:2006:019", refsource: "SUSE", url: "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html", }, { name: "17171", refsource: "BID", url: "http://www.securityfocus.com/bid/17171", }, { name: "20461", refsource: "SECUNIA", url: "http://secunia.com/advisories/20461", }, { name: "19405", refsource: "SECUNIA", url: "http://secunia.com/advisories/19405", }, { name: "19811", refsource: "SECUNIA", url: "http://secunia.com/advisories/19811", }, { name: "ADV-2006-1016", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2006/1016", }, { name: "oval:org.mitre.oval:def:10156", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156", }, { name: "http://www.freeradius.org/security.html", refsource: "CONFIRM", url: "http://www.freeradius.org/security.html", }, { name: "DSA-1089", refsource: "DEBIAN", url: "http://www.debian.org/security/2006/dsa-1089", }, { name: "1015795", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015795", }, { name: "RHSA-2006:0271", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2006-0271.html", }, { name: "19527", refsource: "SECUNIA", url: "http://secunia.com/advisories/19527", }, { name: "2006-0020", refsource: "TRUSTIX", url: "http://www.trustix.org/errata/2006/0020", }, { name: "MDKSA-2006:060", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060", }, { name: "19518", refsource: "SECUNIA", url: "http://secunia.com/advisories/19518", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-1354", datePublished: "2006-03-22T02:00:00", dateReserved: "2006-03-21T00:00:00", dateUpdated: "2024-08-07T17:12:20.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0960
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200409-29.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/11222 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/541574 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-200409-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "11222", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { name: "oval:org.mitre.oval:def:11023", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-20T00:00:00", descriptions: [ { lang: "en", value: "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-200409-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "11222", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/541574", }, { name: "oval:org.mitre.oval:def:11023", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0960", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-200409-29", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "11222", refsource: "BID", url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/541574", }, { name: "oval:org.mitre.oval:def:11023", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0960", datePublished: "2004-10-20T04:00:00", dateReserved: "2004-10-18T00:00:00", dateUpdated: "2024-08-08T00:31:48.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1455
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_14_sr.html | vendor-advisory, x_refsource_SUSE | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/alerts/2005/May/1013909.html | vdb-entry, x_refsource_SECTRACK | |
| http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html | mailing-list, x_refsource_FULLDISC | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2005-524.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/13541 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20450 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:51:50.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2005:014", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { name: "oval:org.mitre.oval:def:9579", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579", }, { name: "1013909", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { name: "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "GLSA-200505-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { name: "RHSA-2005:524", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { name: "13541", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/13541", }, { name: "freeradius-sqlescapefunc-bo(20450)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-06T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SR:2005:014", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_14_sr.html", }, { name: "oval:org.mitre.oval:def:9579", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579", }, { name: "1013909", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/alerts/2005/May/1013909.html", }, { name: "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security.html", }, { name: "GLSA-200505-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml", }, { name: "RHSA-2005:524", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-524.html", }, { name: "13541", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/13541", }, { name: "freeradius-sqlescapefunc-bo(20450)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1455", datePublished: "2005-05-19T04:00:00", dateReserved: "2005-05-05T00:00:00", dateUpdated: "2024-08-07T21:51:50.027Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3596
Vulnerability from cvelistv5
Published
2024-07-09 12:02
Modified
2025-03-18 15:30
Severity ?
EPSS score ?
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rfc", vendor: "ietf", versions: [ { status: "affected", version: "2865", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-3596", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T03:55:37.141738Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-328", description: "CWE-328 Use of Weak Hash", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-924", description: "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-354", description: "CWE-354 Improper Validation of Integrity Check Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T15:30:26.842Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-29T14:32:14.851Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20240822-0001/", }, { url: "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol", }, { tags: [ "x_transferred", ], url: "https://datatracker.ietf.org/doc/html/rfc2865", }, { tags: [ "x_transferred", ], url: "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/", }, { tags: [ "x_transferred", ], url: "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf", }, { tags: [ "x_transferred", ], url: "https://www.blastradius.fail/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/07/09/4", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, ], cna: { affected: [ { product: "RFC", vendor: "IETF", versions: [ { status: "affected", version: "2865", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability", }, ], descriptions: [ { lang: "en", value: "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-328: Use of Weak Hash", lang: "en", }, ], }, { descriptions: [ { description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", }, ], }, { descriptions: [ { description: "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T09:05:59.827Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://datatracker.ietf.org/doc/html/rfc2865", }, { url: "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/", }, { url: "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf", }, { url: "https://www.blastradius.fail/", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/09/4", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014", }, ], source: { discovery: "EXTERNAL", }, title: "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", x_generator: { engine: "VINCE 3.0.4", env: "prod", origin: "https://cveawg.mitre.org/api/cve/CVE-2024-3596", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2024-3596", datePublished: "2024-07-09T12:02:53.001Z", dateReserved: "2024-04-10T15:09:45.391Z", dateUpdated: "2025-03-18T15:30:26.842Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10979
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99901 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:56.375Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99901", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99901", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99901", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99901", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10979", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038914", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99901", refsource: "BID", url: "http://www.securityfocus.com/bid/99901", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10979", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:56.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-2028
Vulnerability from cvelistv5
Published
2007-04-13 18:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T13:23:50.303Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "2007-0013", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred", ], url: "http://www.trustix.org/errata/2007/0013/", }, { name: "oval:org.mitre.oval:def:11156", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156", }, { name: "MDKSA-2007:085", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085", }, { name: "GLSA-200704-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200704-14.xml", }, { name: "24996", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24996", }, { name: "ADV-2007-1369", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1369", }, { name: "RHSA-2007:0338", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2007-0338.html", }, { name: "24849", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24849", }, { name: "23466", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/23466", }, { name: "24917", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24917", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "SUSE-SR:2007:010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_10_sr.html", }, { name: "25201", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25201", }, { name: "24907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24907", }, { name: "25220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/25220", }, { name: "1018042", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018042", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-04-10T00:00:00", descriptions: [ { lang: "en", value: "Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "2007-0013", tags: [ "vendor-advisory", "x_refsource_TRUSTIX", ], url: "http://www.trustix.org/errata/2007/0013/", }, { name: "oval:org.mitre.oval:def:11156", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156", }, { name: "MDKSA-2007:085", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085", }, { name: "GLSA-200704-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200704-14.xml", }, { name: "24996", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24996", }, { name: "ADV-2007-1369", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1369", }, { name: "RHSA-2007:0338", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2007-0338.html", }, { name: "24849", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24849", }, { name: "23466", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/23466", }, { name: "24917", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24917", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security.html", }, { name: "SUSE-SR:2007:010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_10_sr.html", }, { name: "25201", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25201", }, { name: "24907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24907", }, { name: "25220", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/25220", }, { name: "1018042", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018042", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2007-2028", datePublished: "2007-04-13T18:00:00", dateReserved: "2007-04-13T00:00:00", dateUpdated: "2024-08-07T13:23:50.303Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41861
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-04-07 16:28
Severity ?
EPSS score ?
Summary
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Version: All versions from 0.0.1 to 3.0.25 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:56:38.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_transferred", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-41861", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T16:27:46.890633Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T16:28:17.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "freeradius", vendor: "n/a", versions: [ { status: "affected", version: "All versions from 0.0.1 to 3.0.25", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-17T00:00:00.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://freeradius.org/security/", }, { url: "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-41861", datePublished: "2023-01-17T00:00:00.000Z", dateReserved: "2022-09-30T00:00:00.000Z", dateUpdated: "2025-04-07T16:28:17.085Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10978
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/99893 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:56.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "99893", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99893", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "99893", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99893", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10978", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038914", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038914", }, { name: "99893", refsource: "BID", url: "http://www.securityfocus.com/bid/99893", }, { name: "RHSA-2017:1759", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10978", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:56.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3697
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/41621 | third-party-advisory, x_refsource_SECUNIA | |
| http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223 | x_refsource_CONFIRM | |
| https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/10/01/3 | mailing-list, x_refsource_MLIST | |
| http://freeradius.org/press/index.html#2.1.10 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=639397 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/10/01/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:18:52.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "41621", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41621", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35", }, { name: "[oss-security] 20101001 CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/press/index.html#2.1.10", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=639397", }, { name: "[oss-security] 20101001 Re: CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-10-07T20:21:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "41621", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41621", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35", }, { name: "[oss-security] 20101001 CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/press/index.html#2.1.10", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=639397", }, { name: "[oss-security] 20101001 Re: CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-3697", datePublished: "2010-10-07T20:21:00Z", dateReserved: "2010-10-01T00:00:00Z", dateUpdated: "2024-08-07T03:18:52.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-0938
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347 | vdb-entry, signature, x_refsource_OVAL | |
| http://security.gentoo.org/glsa/glsa-200409-29.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.osvdb.org/10178 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/11222 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/541574 | third-party-advisory, x_refsource_CERT-VN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:48.211Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:10837", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837", }, { name: "oval:org.mitre.oval:def:1347", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347", }, { name: "GLSA-200409-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "10178", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/10178", }, { name: "11222", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/541574", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-20T00:00:00", descriptions: [ { lang: "en", value: "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:10837", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837", }, { name: "oval:org.mitre.oval:def:1347", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347", }, { name: "GLSA-200409-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "10178", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/10178", }, { name: "11222", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/541574", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0938", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:10837", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837", }, { name: "oval:org.mitre.oval:def:1347", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347", }, { name: "GLSA-200409-29", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200409-29.xml", }, { name: "10178", refsource: "OSVDB", url: "http://www.osvdb.org/10178", }, { name: "11222", refsource: "BID", url: "http://www.securityfocus.com/bid/11222", }, { name: "freeradius-dos(17440)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440", }, { name: "VU#541574", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/541574", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0938", datePublished: "2004-10-16T04:00:00", dateReserved: "2004-10-06T00:00:00", dateUpdated: "2024-08-08T00:31:48.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10984
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99876 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:57.508Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99876", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99876", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99876", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99876", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10984", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, { name: "99876", refsource: "BID", url: "http://www.securityfocus.com/bid/99876", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10984", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:57.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8764
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html#eap-pwd-2015 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/08/7 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:21.944Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-04T00:00:00", descriptions: [ { lang: "en", value: "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-27T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8764", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://freeradius.org/security.html#eap-pwd-2015", refsource: "CONFIRM", url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8764", datePublished: "2017-03-27T17:00:00", dateReserved: "2016-01-08T00:00:00", dateUpdated: "2024-08-06T08:29:21.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41860
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-04-07 16:39
Severity ?
EPSS score ?
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Version: All versions from 0.9.3 to 3.0.25 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:56:38.237Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_transferred", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-41860", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T16:39:17.283850Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T16:39:35.420Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "freeradius", vendor: "n/a", versions: [ { status: "affected", version: "All versions from 0.9.3 to 3.0.25", }, ], }, ], descriptions: [ { lang: "en", value: "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-17T00:00:00.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://freeradius.org/security/", }, { url: "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-41860", datePublished: "2023-01-17T00:00:00.000Z", dateReserved: "2022-09-30T00:00:00.000Z", dateUpdated: "2025-04-07T16:39:35.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13456
Vulnerability from cvelistv5
Published
2019-12-03 19:53
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://wpa3.mathyvanhoef.com | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1737663 | x_refsource_MISC | |
| https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:49:25.031Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wpa3.mathyvanhoef.com", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737663", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", }, { name: "openSUSE-SU-2020:0553", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-26T17:06:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_MISC", ], url: "https://wpa3.mathyvanhoef.com", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737663", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", }, { name: "openSUSE-SU-2020:0553", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13456", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://freeradius.org/security/", refsource: "MISC", url: "https://freeradius.org/security/", }, { name: "https://wpa3.mathyvanhoef.com", refsource: "MISC", url: "https://wpa3.mathyvanhoef.com", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1737663", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1737663", }, { name: "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", refsource: "CONFIRM", url: "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa", }, { name: "openSUSE-SU-2020:0553", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13456", datePublished: "2019-12-03T19:53:53", dateReserved: "2019-07-09T00:00:00", dateUpdated: "2024-08-04T23:49:25.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4746
Vulnerability from cvelistv5
Published
2006-03-28 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/17293 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:092 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.osvdb.org/19325 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/19324 | vdb-entry, x_refsource_OSVDB | |
| http://www.debian.org/security/2006/dsa-1145 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:066 | vendor-advisory, x_refsource_MANDRIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:53:29.012Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "17293", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/17293", }, { name: "MDKSA-2007:092", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { name: "19325", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/19325", }, { name: "19324", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/19324", }, { name: "DSA-1145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1145", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "MDKSA-2006:066", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:066", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-09-09T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors \"while expanding %t\".", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-04-04T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "17293", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/17293", }, { name: "MDKSA-2007:092", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { name: "19325", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/19325", }, { name: "19324", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/19324", }, { name: "DSA-1145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1145", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security.html", }, { name: "MDKSA-2006:066", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2006:066", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-4746", datePublished: "2006-03-28T11:00:00", dateReserved: "2006-03-28T00:00:00", dateUpdated: "2024-08-07T23:53:29.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41859
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-04-07 16:40
Severity ?
EPSS score ?
Summary
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Version: unknown |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:56:38.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_transferred", ], url: "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-41859", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T16:40:02.278497Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T16:40:36.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "freeradius", vendor: "n/a", versions: [ { status: "affected", version: "unknown", }, ], }, ], descriptions: [ { lang: "en", value: "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-17T00:00:00.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://freeradius.org/security/", }, { url: "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-41859", datePublished: "2023-01-17T00:00:00.000Z", dateReserved: "2022-09-30T00:00:00.000Z", dateUpdated: "2025-04-07T16:40:36.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10980
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/99905 | vdb-entry, x_refsource_BID | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:57.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "99905", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99905", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "99905", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99905", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10980", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038914", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "99905", refsource: "BID", url: "http://www.securityfocus.com/bid/99905", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10980", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:57.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4745
Vulnerability from cvelistv5
Published
2006-03-28 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:092 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.debian.org/security/2006/dsa-1145 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/17294 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/19323 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:53:28.960Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDKSA-2007:092", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { name: "DSA-1145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2006/dsa-1145", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "17294", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/17294", }, { name: "19323", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/19323", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-09-09T00:00:00", descriptions: [ { lang: "en", value: "SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-04-04T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "MDKSA-2007:092", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092", }, { name: "DSA-1145", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2006/dsa-1145", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.freeradius.org/security.html", }, { name: "17294", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/17294", }, { name: "19323", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/19323", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-4745", datePublished: "2006-03-28T11:00:00", dateReserved: "2006-03-28T00:00:00", dateUpdated: "2024-08-07T23:53:28.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17185
Vulnerability from cvelistv5
Published
2020-03-21 00:13
Modified
2024-08-05 01:33
Severity ?
EPSS score ?
Summary
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:33:17.262Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20", }, { name: "openSUSE-SU-2020:0553", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-26T17:06:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20", }, { name: "openSUSE-SU-2020:0553", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-17185", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://freeradius.org/security/", refsource: "MISC", url: "https://freeradius.org/security/", }, { name: "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20", refsource: "CONFIRM", url: "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20", }, { name: "openSUSE-SU-2020:0553", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-17185", datePublished: "2020-03-21T00:13:05", dateReserved: "2019-10-04T00:00:00", dateUpdated: "2024-08-05T01:33:17.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0080
Vulnerability from cvelistv5
Published
2007-01-05 11:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/32082 | vdb-entry, x_refsource_OSVDB | |
| http://www.freeradius.org/security.html | x_refsource_MISC | |
| http://www.attrition.org/pipermail/vim/2007-February/001304.html | mailing-list, x_refsource_VIM | |
| http://securitytracker.com/id?1017463 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31248 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/455678/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/455812/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:03:37.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "32082", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/32082", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.freeradius.org/security.html", }, { name: "20070211 FreeRADIUS dispute of CVE-2007-0080", tags: [ "mailing-list", "x_refsource_VIM", "x_transferred", ], url: "http://www.attrition.org/pipermail/vim/2007-February/001304.html", }, { name: "1017463", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017463", }, { name: "freeradius-smbconnectserver-bo(31248)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248", }, { name: "20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/455678/100/0/threaded", }, { name: "20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/455812/100/0/threaded", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-01-02T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited \"only to local administrators who have write access to the server configuration files.\" CVE concurs with the dispute", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "32082", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/32082", }, { tags: [ "x_refsource_MISC", ], url: "http://www.freeradius.org/security.html", }, { name: "20070211 FreeRADIUS dispute of CVE-2007-0080", tags: [ "mailing-list", "x_refsource_VIM", ], url: "http://www.attrition.org/pipermail/vim/2007-February/001304.html", }, { name: "1017463", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017463", }, { name: "freeradius-smbconnectserver-bo(31248)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248", }, { name: "20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/455678/100/0/threaded", }, { name: "20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/455812/100/0/threaded", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0080", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited \"only to local administrators who have write access to the server configuration files.\" CVE concurs with the dispute.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "32082", refsource: "OSVDB", url: "http://osvdb.org/32082", }, { name: "http://www.freeradius.org/security.html", refsource: "MISC", url: "http://www.freeradius.org/security.html", }, { name: "20070211 FreeRADIUS dispute of CVE-2007-0080", refsource: "VIM", url: "http://www.attrition.org/pipermail/vim/2007-February/001304.html", }, { name: "1017463", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017463", }, { name: "freeradius-smbconnectserver-bo(31248)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248", }, { name: "20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/455678/100/0/threaded", }, { name: "20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/455812/100/0/threaded", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0080", datePublished: "2007-01-05T11:00:00", dateReserved: "2007-01-04T00:00:00", dateUpdated: "2024-08-07T12:03:37.018Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10982
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/99912 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:56.735Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "99912", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99912", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "99912", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99912", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10982", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038914", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "99912", refsource: "BID", url: "http://www.securityfocus.com/bid/99912", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10982", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:56.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8762
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html#eap-pwd-2015 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/08/7 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:21.730Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-04T00:00:00", descriptions: [ { lang: "en", value: "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-27T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8762", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://freeradius.org/security.html#eap-pwd-2015", refsource: "CONFIRM", url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8762", datePublished: "2017-03-27T17:00:00", dateReserved: "2016-01-08T00:00:00", dateUpdated: "2024-08-06T08:29:21.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10985
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/99968 | vdb-entry, x_refsource_BID | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:56.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "99968", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99968", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "99968", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99968", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10985", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "99968", refsource: "BID", url: "http://www.securityfocus.com/bid/99968", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10985", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:56.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-8763
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html#eap-pwd-2015 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/08/7 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:29:21.729Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-04T00:00:00", descriptions: [ { lang: "en", value: "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-27T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8763", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://freeradius.org/security.html#eap-pwd-2015", refsource: "CONFIRM", url: "http://freeradius.org/security.html#eap-pwd-2015", }, { name: "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/01/08/7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8763", datePublished: "2017-03-27T17:00:00", dateReserved: "2016-01-08T00:00:00", dateUpdated: "2024-08-06T08:29:21.729Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-0318
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101440113410083&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9968.php | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:42:29.248Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20020221 DoS Attack against many RADIUS servers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=101440113410083&w=2", }, { name: "freeradius-access-request-dos(9968)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/9968.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2002-02-21T00:00:00", descriptions: [ { lang: "en", value: "FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2003-03-20T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20020221 DoS Attack against many RADIUS servers", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=101440113410083&w=2", }, { name: "freeradius-access-request-dos(9968)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/9968.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2002-0318", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20020221 DoS Attack against many RADIUS servers", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=101440113410083&w=2", }, { name: "freeradius-access-request-dos(9968)", refsource: "XF", url: "http://www.iss.net/security_center/static/9968.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-0318", datePublished: "2003-04-02T05:00:00", dateReserved: "2002-05-01T00:00:00", dateUpdated: "2024-08-08T02:42:29.248Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-2015
Vulnerability from cvelistv5
Published
2014-11-02 00:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2014/02/18/3 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2015-1287.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html | mailing-list, x_refsource_MLIST | |
| http://ubuntu.com/usn/usn-2122-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/65581 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1066761 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:58:16.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html", }, { name: "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/02/18/3", }, { name: "RHSA-2015:1287", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1287.html", }, { name: "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html", }, { name: "USN-2122-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-2122-1", }, { name: "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html", }, { name: "65581", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/65581", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-12T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html", }, { name: "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/02/18/3", }, { name: "RHSA-2015:1287", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1287.html", }, { name: "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html", }, { name: "USN-2122-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-2122-1", }, { name: "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html", }, { name: "65581", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/65581", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-2015", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow", refsource: "MLIST", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html", }, { name: "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/02/18/3", }, { name: "RHSA-2015:1287", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1287.html", }, { name: "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow", refsource: "MLIST", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html", }, { name: "USN-2122-1", refsource: "UBUNTU", url: "http://ubuntu.com/usn/usn-2122-1", }, { name: "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow", refsource: "MLIST", url: "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html", }, { name: "65581", refsource: "BID", url: "http://www.securityfocus.com/bid/65581", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1066761", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-2015", datePublished: "2014-11-02T00:00:00", dateReserved: "2014-02-17T00:00:00", dateUpdated: "2024-08-06T09:58:16.213Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10983
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/99915 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:57.885Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "99915", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99915", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1038914", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "99915", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99915", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10983", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1038914", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038914", }, { name: "RHSA-2017:1759", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1759", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "99915", refsource: "BID", url: "http://www.securityfocus.com/bid/99915", }, { name: "RHSA-2017:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10983", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:57.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11234
Vulnerability from cvelistv5
Published
2019-04-21 16:36
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 | x_refsource_MISC | |
| https://papers.mathyvanhoef.com/dragonblood.pdf | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/871675/ | x_refsource_MISC | |
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1695783 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3954-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2019:1131 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1142 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:48:08.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695783", }, { name: "USN-3954-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3954-1/", }, { name: "openSUSE-SU-2019:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { name: "RHSA-2019:1131", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { name: "RHSA-2019:1142", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { name: "openSUSE-SU-2019:1394", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { name: "openSUSE-SU-2020:0542", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-23T15:06:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { tags: [ "x_refsource_MISC", ], url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.kb.cert.org/vuls/id/871675/", }, { tags: [ "x_refsource_MISC", ], url: "https://freeradius.org/security/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695783", }, { name: "USN-3954-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3954-1/", }, { name: "openSUSE-SU-2019:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { name: "RHSA-2019:1131", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { name: "RHSA-2019:1142", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { name: "openSUSE-SU-2019:1394", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { name: "openSUSE-SU-2020:0542", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-11234", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", refsource: "MISC", url: "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19", }, { name: "https://papers.mathyvanhoef.com/dragonblood.pdf", refsource: "MISC", url: "https://papers.mathyvanhoef.com/dragonblood.pdf", }, { name: "https://www.kb.cert.org/vuls/id/871675/", refsource: "MISC", url: "https://www.kb.cert.org/vuls/id/871675/", }, { name: "https://freeradius.org/security/", refsource: "MISC", url: "https://freeradius.org/security/", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1695783", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1695783", }, { name: "USN-3954-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3954-1/", }, { name: "openSUSE-SU-2019:1346", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html", }, { name: "RHSA-2019:1131", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1131", }, { name: "RHSA-2019:1142", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1142", }, { name: "openSUSE-SU-2019:1394", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html", }, { name: "openSUSE-SU-2020:0542", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11234", datePublished: "2019-04-21T16:36:48", dateReserved: "2019-04-15T00:00:00", dateUpdated: "2024-08-04T22:48:08.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1377
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/8354.php | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/936683 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/4230 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisory, x_refsource_CERT | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc | vendor-advisory, x_refsource_FREEBSD |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:51:08.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2002:030", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { name: "radius-vendor-attribute-dos(8354)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/8354.php", }, { name: "VU#936683", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/936683", }, { name: "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { name: "SuSE-SA:2002:013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { name: "4230", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/4230", }, { name: "CLA-2002:466", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { name: "CA-2002-06", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, { name: "FreeBSD-SN-02:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-11-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2002:030", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { name: "radius-vendor-attribute-dos(8354)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/8354.php", }, { name: "VU#936683", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/936683", }, { name: "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { name: "SuSE-SA:2002:013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { name: "4230", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/4230", }, { name: "CLA-2002:466", tags: [ "vendor-advisory", "x_refsource_CONECTIVA", ], url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { name: "CA-2002-06", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.cert.org/advisories/CA-2002-06.html", }, { name: "FreeBSD-SN-02:02", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1377", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2002:030", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2002-030.html", }, { name: "radius-vendor-attribute-dos(8354)", refsource: "XF", url: "http://www.iss.net/security_center/static/8354.php", }, { name: "VU#936683", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/936683", }, { name: "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=101537153021792&w=2", }, { name: "SuSE-SA:2002:013", refsource: "SUSE", url: "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html", }, { name: "4230", refsource: "BID", url: "http://www.securityfocus.com/bid/4230", }, { name: "CLA-2002:466", refsource: "CONECTIVA", url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466", }, { name: "CA-2002-06", refsource: "CERT", url: "http://www.cert.org/advisories/CA-2002-06.html", }, { name: "FreeBSD-SN-02:02", refsource: "FREEBSD", url: "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1377", datePublished: "2002-06-11T04:00:00", dateReserved: "2002-06-11T00:00:00", dateUpdated: "2024-08-08T04:51:08.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-3111
Vulnerability from cvelistv5
Published
2009-09-09 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:14:56.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "36263", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/36263", }, { name: "SUSE-SR:2009:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", }, { name: "[freeradius-users] 20090909 Version 1.1.8 has been released", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html", }, { name: "36509", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36509", }, { name: "oval:org.mitre.oval:def:9919", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://intevydis.com/vd-list.shtml", }, { name: "ADV-2009-3184", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/3184", }, { name: "SUSE-SR:2009:016", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { name: "APPLE-SA-2009-11-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", }, { name: "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/09/09/1", }, { name: "RHSA-2009:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1451.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-09-07T00:00:00", descriptions: [ { lang: "en", value: "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-18T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "36263", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/36263", }, { name: "SUSE-SR:2009:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", }, { name: "[freeradius-users] 20090909 Version 1.1.8 has been released", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html", }, { name: "36509", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36509", }, { name: "oval:org.mitre.oval:def:9919", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919", }, { tags: [ "x_refsource_MISC", ], url: "http://intevydis.com/vd-list.shtml", }, { name: "ADV-2009-3184", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/3184", }, { name: "SUSE-SR:2009:016", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { name: "APPLE-SA-2009-11-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", }, { name: "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/09/09/1", }, { name: "RHSA-2009:1451", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1451.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3937", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-3111", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "36263", refsource: "BID", url: "http://www.securityfocus.com/bid/36263", }, { name: "SUSE-SR:2009:018", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", }, { name: "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", refsource: "CONFIRM", url: "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4", }, { name: "[freeradius-users] 20090909 Version 1.1.8 has been released", refsource: "MLIST", url: "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html", }, { name: "36509", refsource: "SECUNIA", url: "http://secunia.com/advisories/36509", }, { name: "oval:org.mitre.oval:def:9919", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919", }, { name: "http://intevydis.com/vd-list.shtml", refsource: "MISC", url: "http://intevydis.com/vd-list.shtml", }, { name: "ADV-2009-3184", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/3184", }, { name: "SUSE-SR:2009:016", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", }, { name: "APPLE-SA-2009-11-09-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", }, { name: "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/09/09/1", }, { name: "RHSA-2009:1451", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2009-1451.html", }, { name: "http://support.apple.com/kb/HT3937", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3937", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-3111", datePublished: "2009-09-09T18:00:00", dateReserved: "2009-09-09T00:00:00", dateUpdated: "2024-08-07T06:14:56.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9148
Vulnerability from cvelistv5
Published
2017-05-29 17:00
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html | x_refsource_MISC | |
| http://seclists.org/oss-sec/2017/q2/422 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2017:1581 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1038576 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98734 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201706-27 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:55:22.379Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://freeradius.org/security.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/oss-sec/2017/q2/422", }, { name: "RHSA-2017:1581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1581", }, { name: "1038576", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038576", }, { name: "98734", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98734", }, { name: "GLSA-201706-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201706-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-29T00:00:00", descriptions: [ { lang: "en", value: "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://freeradius.org/security.html", }, { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/oss-sec/2017/q2/422", }, { name: "RHSA-2017:1581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1581", }, { name: "1038576", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038576", }, { name: "98734", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98734", }, { name: "GLSA-201706-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201706-27", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9148", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://freeradius.org/security.html", refsource: "MISC", url: "http://freeradius.org/security.html", }, { name: "http://seclists.org/oss-sec/2017/q2/422", refsource: "MISC", url: "http://seclists.org/oss-sec/2017/q2/422", }, { name: "RHSA-2017:1581", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1581", }, { name: "1038576", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038576", }, { name: "98734", refsource: "BID", url: "http://www.securityfocus.com/bid/98734", }, { name: "GLSA-201706-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201706-27", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9148", datePublished: "2017-05-29T17:00:00", dateReserved: "2017-05-22T00:00:00", dateUpdated: "2024-08-05T16:55:22.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10987
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99970 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:56.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99970", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99970", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "99970", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99970", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10987", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "99970", refsource: "BID", url: "http://www.securityfocus.com/bid/99970", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10987", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:56.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10143
Vulnerability from cvelistv5
Published
2019-05-24 00:00
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| freeradius | freeradius |
Version: affects <= 3.0.19 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "freeradius", vendor: "freeradius", versions: [ { lessThanOrEqual: "3.0.19", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "30", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "29", }, ], }, { cpes: [ "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_linux", vendor: "redhat", versions: [ { status: "affected", version: "8.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2019-10143", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T19:23:06.388705Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-01T19:24:21.005Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T22:10:10.031Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2019-4a8eeaf80e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/", }, { name: "FEDORA-2019-9454ce61b2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/", }, { name: "RHSA-2019:3353", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3353", }, { name: "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Nov/14", }, { tags: [ "x_transferred", ], url: "https://freeradius.org/security/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143", }, { tags: [ "x_transferred", ], url: "https://github.com/FreeRADIUS/freeradius-server/pull/2666", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "freeradius", vendor: "freeradius", versions: [ { status: "affected", version: "affects <= 3.0.19", }, ], }, ], descriptions: [ { lang: "en", value: "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-250", description: "CWE-250", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-12T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2019-4a8eeaf80e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/", }, { name: "FEDORA-2019-9454ce61b2", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/", }, { name: "RHSA-2019:3353", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3353", }, { name: "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/Nov/14", }, { url: "https://freeradius.org/security/", }, { url: "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143", }, { url: "https://github.com/FreeRADIUS/freeradius-server/pull/2666", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-10143", datePublished: "2019-05-24T00:00:00", dateReserved: "2019-03-27T00:00:00", dateUpdated: "2024-08-04T22:10:10.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3696
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41621 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2010/10/01/3 | mailing-list, x_refsource_MLIST | |
| http://freeradius.org/press/index.html#2.1.10 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/10/01/8 | mailing-list, x_refsource_MLIST | |
| https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=639390 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:18:52.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279", }, { name: "41621", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41621", }, { name: "[oss-security] 20101001 CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/press/index.html#2.1.10", }, { name: "[oss-security] 20101001 Re: CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=639390", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-10-07T20:21:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279", }, { name: "41621", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41621", }, { name: "[oss-security] 20101001 CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/press/index.html#2.1.10", }, { name: "[oss-security] 20101001 Re: CVE request: freeradius", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/10/01/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=639390", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-3696", datePublished: "2010-10-07T20:21:00Z", dateReserved: "2010-10-01T00:00:00Z", dateUpdated: "2024-08-07T03:18:52.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3547
Vulnerability from cvelistv5
Published
2012-09-18 17:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:13:49.904Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "50584", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50584", }, { name: "APPLE-SA-2013-10-22-5", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", }, { name: "50637", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50637", }, { name: "USN-1585-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1585-1", }, { name: "RHSA-2012:1327", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1327.html", }, { name: "50484", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50484", }, { name: "DSA-2546", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2012/dsa-2546", }, { name: "55483", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/55483", }, { name: "1027509", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027509", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", }, { name: "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html", }, { name: "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/09/10/2", }, { name: "MDVSA-2012:159", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159", }, { name: "openSUSE-SU-2012:1200", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html", }, { name: "freeradius-cbtlsverify-bo(78408)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408", }, { name: "RHSA-2012:1326", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1326.html", }, { name: "85325", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/85325", }, { name: "50770", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50770", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security.html", }, { name: "FEDORA-2012-15743", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-09-10T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "50584", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50584", }, { name: "APPLE-SA-2013-10-22-5", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", }, { name: "50637", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50637", }, { name: "USN-1585-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1585-1", }, { name: "RHSA-2012:1327", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1327.html", }, { name: "50484", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50484", }, { name: "DSA-2546", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2012/dsa-2546", }, { name: "55483", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/55483", }, { name: "1027509", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027509", }, { tags: [ "x_refsource_MISC", ], url: "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", }, { name: "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html", }, { name: "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/09/10/2", }, { name: "MDVSA-2012:159", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159", }, { name: "openSUSE-SU-2012:1200", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html", }, { name: "freeradius-cbtlsverify-bo(78408)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408", }, { name: "RHSA-2012:1326", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1326.html", }, { name: "85325", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/85325", }, { name: "50770", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50770", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security.html", }, { name: "FEDORA-2012-15743", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-3547", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "50584", refsource: "SECUNIA", url: "http://secunia.com/advisories/50584", }, { name: "APPLE-SA-2013-10-22-5", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", }, { name: "50637", refsource: "SECUNIA", url: "http://secunia.com/advisories/50637", }, { name: "USN-1585-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1585-1", }, { name: "RHSA-2012:1327", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-1327.html", }, { name: "50484", refsource: "SECUNIA", url: "http://secunia.com/advisories/50484", }, { name: "DSA-2546", refsource: "DEBIAN", url: "http://www.debian.org/security/2012/dsa-2546", }, { name: "55483", refsource: "BID", url: "http://www.securityfocus.com/bid/55483", }, { name: "1027509", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027509", }, { name: "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", refsource: "MISC", url: "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt", }, { name: "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html", }, { name: "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/09/10/2", }, { name: "MDVSA-2012:159", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159", }, { name: "openSUSE-SU-2012:1200", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html", }, { name: "freeradius-cbtlsverify-bo(78408)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408", }, { name: "RHSA-2012:1326", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-1326.html", }, { name: "85325", refsource: "OSVDB", url: "http://osvdb.org/85325", }, { name: "50770", refsource: "SECUNIA", url: "http://secunia.com/advisories/50770", }, { name: "http://freeradius.org/security.html", refsource: "CONFIRM", url: "http://freeradius.org/security.html", }, { name: "FEDORA-2012-15743", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-3547", datePublished: "2012-09-18T17:00:00", dateReserved: "2012-06-14T00:00:00", dateUpdated: "2024-08-06T20:13:49.904Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10986
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99971 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:56.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99971", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99971", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-17T00:00:00", descriptions: [ { lang: "en", value: "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "99971", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99971", }, { name: "DSA-3930", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://freeradius.org/security/fuzzer-2017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10986", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "99971", refsource: "BID", url: "http://www.securityfocus.com/bid/99971", }, { name: "DSA-3930", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3930", }, { name: "RHSA-2017:2389", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2389", }, { name: "http://freeradius.org/security/fuzzer-2017.html", refsource: "CONFIRM", url: "http://freeradius.org/security/fuzzer-2017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10986", datePublished: "2017-07-17T16:00:00", dateReserved: "2017-07-06T00:00:00", dateUpdated: "2024-08-05T17:57:56.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }