Vulnerabilities > Freeradius > Freeradius
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2015-8764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | 6.8 |
| 2017-03-27 | CVE-2015-8763 | Out-of-bounds Read vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. | 6.8 |
| 2017-03-27 | CVE-2015-8762 | NULL Pointer Dereference vulnerability in Freeradius The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | 4.3 |
| 2014-11-02 | CVE-2014-2015 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freeradius Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | 7.5 |
| 2013-03-12 | CVE-2011-4966 | Credentials Management vulnerability in Freeradius modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. | 6.0 |
| 2012-09-18 | CVE-2012-3547 | Buffer Errors vulnerability in Freeradius 2.1.10/2.1.11/2.1.12 Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. | 6.8 |
| 2011-08-04 | CVE-2011-2701 | Improper Authentication vulnerability in Freeradius 2.1.11 The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. | 5.8 |
| 2010-10-07 | CVE-2010-3697 | Resource Management Errors vulnerability in Freeradius The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests. | 4.3 |
| 2009-09-09 | CVE-2009-3111 | Denial of Service vulnerability in FreeRADIUS Zero-length Tunnel-Password Attributes The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. | 5.0 |
| 2008-10-07 | CVE-2008-4474 | Link Following vulnerability in Freeradius 2.0.4 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | 7.2 |