Vulnerabilities > CVE-2017-10979 - Out-of-bounds Write vulnerability in Freeradius

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
freeradius
CWE-787
nessus

Summary

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1759.NASL
    descriptionAn update for freeradius is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fix(es) : * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) * An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) * Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981) * Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983) Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101823
    published2017-07-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101823
    titleCentOS 6 : freeradius (CESA-2017:1759)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:1759 and 
    # CentOS Errata and Security Advisory 2017:1759 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101823);
      script_version("3.13");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2017-10978", "CVE-2017-10979", "CVE-2017-10980", "CVE-2017-10981", "CVE-2017-10982", "CVE-2017-10983");
      script_xref(name:"RHSA", value:"2017:1759");
      script_xref(name:"IAVA", value:"2017-A-0232");
    
      script_name(english:"CentOS 6 : freeradius (CESA-2017:1759)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for freeradius is now available for Red Hat Enterprise Linux
    6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    FreeRADIUS is a high-performance and highly configurable free Remote
    Authentication Dial In User Service (RADIUS) server, designed to allow
    centralized authentication and authorization for a network.
    
    Security Fix(es) :
    
    * An out-of-bounds write flaw was found in the way FreeRADIUS server
    handled certain attributes in request packets. A remote attacker could
    use this flaw to crash the FreeRADIUS server or to execute arbitrary
    code in the context of the FreeRADIUS server process by sending a
    specially crafted request packet. (CVE-2017-10979)
    
    * An out-of-bounds read and write flaw was found in the way FreeRADIUS
    server handled RADIUS packets. A remote attacker could use this flaw
    to crash the FreeRADIUS server by sending a specially crafted RADIUS
    packet. (CVE-2017-10978)
    
    * Multiple memory leak flaws were found in the way FreeRADIUS server
    handled decoding of DHCP packets. A remote attacker could use these
    flaws to cause the FreeRADIUS server to consume an increasing amount
    of memory resources over time, possibly leading to a crash due to
    memory exhaustion, by sending specially crafted DHCP packets.
    (CVE-2017-10980, CVE-2017-10981)
    
    * Multiple out-of-bounds read flaws were found in the way FreeRADIUS
    server handled decoding of DHCP packets. A remote attacker could use
    these flaws to crash the FreeRADIUS server by sending a specially
    crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)
    
    Red Hat would like to thank the FreeRADIUS project for reporting these
    issues. Upstream acknowledges Guido Vranken as the original reporter
    of these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2017-July/022507.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d11050af"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected freeradius packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10979");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-krb5-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-ldap-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-mysql-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-perl-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-postgresql-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-python-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-unixODBC-2.2.6-7.el6_9")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"freeradius-utils-2.2.6-7.el6_9")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius / freeradius-krb5 / freeradius-ldap / freeradius-mysql / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170718_FREERADIUS_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) - An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) - Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981) - Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)
    last seen2020-03-18
    modified2017-07-19
    plugin id101800
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101800
    titleScientific Linux Security Update : freeradius on SL6.x i386/x86_64 (20170718)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3930.NASL
    descriptionGuido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All those issues are covered by this single DSA, but it
    last seen2020-06-01
    modified2020-06-02
    plugin id102371
    published2017-08-11
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102371
    titleDebian DSA-3930-1 : freeradius - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1759.NASL
    descriptionFrom Red Hat Security Advisory 2017:1759 : An update for freeradius is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fix(es) : * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) * An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) * Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981) * Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983) Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101798
    published2017-07-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101798
    titleOracle Linux 6 : freeradius (ELSA-2017-1759)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1759.NASL
    descriptionAn update for freeradius is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fix(es) : * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) * An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) * Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981) * Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983) Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119219
    published2018-11-27
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119219
    titleVirtuozzo 6 : freeradius / freeradius-krb5 / freeradius-ldap / etc (VZLSA-2017-1759)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_SERVER_5_4.NASL
    descriptionThe version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.4. It is, therefore, affected by the multiple Buffer Overflow DoS vulnerabilities in FreeRADIUS
    last seen2020-06-01
    modified2020-06-02
    plugin id103531
    published2017-09-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103531
    titlemacOS : macOS Server < 5.4 Multiple Vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-865.NASL
    descriptionOut-of-bounds read in fr_dhcp_decode_options() : An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982) Out-of-bounds read in fr_dhcp_decode() when decoding option 63 : An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983) Memory leak in decode_tlv() : A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time possibly leading to a crash due to memory exhaustion. (CVE-2017-10980) Memory leak in fr_dhcp_decode() : A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10981) Out-of-bounds write in rad_coalesce() : An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) Out-of-bounds read/write due to improper output buffer size check in make_secret() : An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)
    last seen2020-06-01
    modified2020-06-02
    plugin id102180
    published2017-08-04
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102180
    titleAmazon Linux AMI : freeradius (ALAS-2017-865)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0107_FREERADIUS.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has freeradius packages installed that are affected by multiple vulnerabilities: - An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983) - An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) - An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) - A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10981) - An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982) - A memory leak flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to cause the FreeRADIUS server to consume an increasing amount of memory resources over time possibly leading to a crash due to memory exhaustion. (CVE-2017-10980) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127341
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127341
    titleNewStart CGSL MAIN 4.05 : freeradius Multiple Vulnerabilities (NS-SA-2019-0107)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1064.NASL
    descriptionGuido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial of service by application crash, or potentially execute arbitrary code. For Debian 7
    last seen2020-03-17
    modified2017-08-28
    plugin id102784
    published2017-08-28
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102784
    titleDebian DLA-1064-1 : freeradius security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3369-1.NASL
    descriptionGuido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id102033
    published2017-07-28
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102033
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : freeradius vulnerabilities (USN-3369-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2244-1.NASL
    descriptionThis update for freeradius-server fixes the following issues: Security issues fixed : - CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086) - CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) - CVE-2017-10979: Fix write overflow in rad_coalesce(). (bsc#1049086) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id102729
    published2017-08-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102729
    titleSUSE SLES11 Security Update : freeradius-server (SUSE-SU-2017:2244-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1759.NASL
    descriptionAn update for freeradius is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fix(es) : * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979) * An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) * Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981) * Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983) Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101786
    published2017-07-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101786
    titleRHEL 6 : freeradius (RHSA-2017:1759)

Redhat

advisories
rhsa
idRHSA-2017:1759
rpms
  • freeradius-0:2.2.6-7.el6_9
  • freeradius-debuginfo-0:2.2.6-7.el6_9
  • freeradius-krb5-0:2.2.6-7.el6_9
  • freeradius-ldap-0:2.2.6-7.el6_9
  • freeradius-mysql-0:2.2.6-7.el6_9
  • freeradius-perl-0:2.2.6-7.el6_9
  • freeradius-postgresql-0:2.2.6-7.el6_9
  • freeradius-python-0:2.2.6-7.el6_9
  • freeradius-unixODBC-0:2.2.6-7.el6_9
  • freeradius-utils-0:2.2.6-7.el6_9