Vulnerabilities > CVE-2010-3696 - Resource Management Errors vulnerability in Freeradius 2.1.9
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201311-09.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201311-09 (FreeRADIUS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeRADIUS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70869 |
published | 2013-11-13 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70869 |
title | GLSA-201311-09 : FreeRADIUS: Multiple vulnerabilities |
code |
|
References
- http://www.openwall.com/lists/oss-security/2010/10/01/8
- http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279
- http://secunia.com/advisories/41621
- https://bugzilla.redhat.com/show_bug.cgi?id=639390
- https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77
- http://www.openwall.com/lists/oss-security/2010/10/01/3
- http://freeradius.org/press/index.html#2.1.10