All the vulnerabilites related to freeradius - freeradius
cve-2017-10984
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99876 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10984",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10982
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/99912 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "99912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99912"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10982",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3111
Vulnerability from cvelistv5
Published
2009-09-09 18:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36263"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
},
{
"name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
},
{
"name": "36509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36509"
},
{
"name": "oval:org.mitre.oval:def:9919",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
},
{
"name": "RHSA-2009:1451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36263"
},
{
"name": "SUSE-SR:2009:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
},
{
"name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
},
{
"name": "36509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36509"
},
{
"name": "oval:org.mitre.oval:def:9919",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SUSE-SR:2009:016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
},
{
"name": "RHSA-2009:1451",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36263"
},
{
"name": "SUSE-SR:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4",
"refsource": "CONFIRM",
"url": "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"
},
{
"name": "[freeradius-users] 20090909 Version 1.1.8 has been released",
"refsource": "MLIST",
"url": "https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00242.html"
},
{
"name": "36509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36509"
},
{
"name": "oval:org.mitre.oval:def:9919",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SUSE-SR:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "[oss-security] 20090909 CVE Request -- FreeRADIUS 1.1.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/09/1"
},
{
"name": "RHSA-2009:1451",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1451.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3111",
"datePublished": "2009-09-09T18:00:00",
"dateReserved": "2009-09-09T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0968
Vulnerability from cvelistv5
Published
2003-12-02 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106986437621130&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031126 FreeRADIUS \u003c= 0.9.3 rlm_smb module stack overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106986437621130\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031126 FreeRADIUS \u003c= 0.9.3 rlm_smb module stack overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106986437621130\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031126 FreeRADIUS \u003c= 0.9.3 rlm_smb module stack overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106986437621130\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0968",
"datePublished": "2003-12-02T05:00:00",
"dateReserved": "2003-11-26T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0938
Vulnerability from cvelistv5
Published
2004-10-16 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347 | vdb-entry, signature, x_refsource_OVAL | |
| http://security.gentoo.org/glsa/glsa-200409-29.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.osvdb.org/10178 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/11222 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/541574 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10837",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837"
},
{
"name": "oval:org.mitre.oval:def:1347",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347"
},
{
"name": "GLSA-200409-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "10178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10178"
},
{
"name": "11222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/541574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:10837",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837"
},
{
"name": "oval:org.mitre.oval:def:1347",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347"
},
{
"name": "GLSA-200409-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "10178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10178"
},
{
"name": "11222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/541574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10837",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10837"
},
{
"name": "oval:org.mitre.oval:def:1347",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1347"
},
{
"name": "GLSA-200409-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "10178",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10178"
},
{
"name": "11222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/541574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0938",
"datePublished": "2004-10-16T04:00:00",
"dateReserved": "2004-10-06T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2015
Vulnerability from cvelistv5
Published
2014-11-02 00:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2014/02/18/3 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2015-1287.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html | mailing-list, x_refsource_MLIST | |
| http://ubuntu.com/usn/usn-2122-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/65581 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1066761 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"
},
{
"name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"
},
{
"name": "RHSA-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"
},
{
"name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"
},
{
"name": "USN-2122-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2122-1"
},
{
"name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"
},
{
"name": "65581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"
},
{
"name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"
},
{
"name": "RHSA-2015:1287",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"
},
{
"name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"
},
{
"name": "USN-2122-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2122-1"
},
{
"name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"
},
{
"name": "65581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"
},
{
"name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"
},
{
"name": "RHSA-2015:1287",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"
},
{
"name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"
},
{
"name": "USN-2122-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2122-1"
},
{
"name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"
},
{
"name": "65581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65581"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2015",
"datePublished": "2014-11-02T00:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0960
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200409-29.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/11222 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/541574 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023 | vdb-entry, signature, x_refsource_OVAL |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200409-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "11222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/541574"
},
{
"name": "oval:org.mitre.oval:def:11023",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200409-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "11222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/541574"
},
{
"name": "oval:org.mitre.oval:def:11023",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200409-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "11222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/541574"
},
{
"name": "oval:org.mitre.oval:def:11023",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0960",
"datePublished": "2004-10-20T04:00:00",
"dateReserved": "2004-10-18T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0967
Vulnerability from cvelistv5
Published
2003-12-02 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106935911101493&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=freeradius-users&m=106947389449613&w=2 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2003-386.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917 | vdb-entry, signature, x_refsource_OVAL | |
| http://marc.info/?l=bugtraq&m=106944220426970 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:34.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031120 Remote DoS in FreeRADIUS, all versions.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106935911101493\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=freeradius-users\u0026m=106947389449613\u0026w=2"
},
{
"name": "RHSA-2003:386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-386.html"
},
{
"name": "oval:org.mitre.oval:def:10917",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917"
},
{
"name": "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106944220426970"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031120 Remote DoS in FreeRADIUS, all versions.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106935911101493\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=freeradius-users\u0026m=106947389449613\u0026w=2"
},
{
"name": "RHSA-2003:386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-386.html"
},
{
"name": "oval:org.mitre.oval:def:10917",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917"
},
{
"name": "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106944220426970"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031120 Remote DoS in FreeRADIUS, all versions.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106935911101493\u0026w=2"
},
{
"name": "http://marc.info/?l=freeradius-users\u0026m=106947389449613\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=freeradius-users\u0026m=106947389449613\u0026w=2"
},
{
"name": "RHSA-2003:386",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-386.html"
},
{
"name": "oval:org.mitre.oval:def:10917",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917"
},
{
"name": "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106944220426970"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0967",
"datePublished": "2003-12-02T05:00:00",
"dateReserved": "2003-11-26T00:00:00",
"dateUpdated": "2024-08-08T02:12:34.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4966
Vulnerability from cvelistv5
Published
2013-03-12 22:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0134.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHBA-2012-0881.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html | vendor-advisory, x_refsource_SUSE | |
| https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0134.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHBA-2012-0881.html"
},
{
"name": "openSUSE-SU-2013:0137",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html"
},
{
"name": "openSUSE-SU-2013:0191",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0134.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHBA-2012-0881.html"
},
{
"name": "openSUSE-SU-2013:0137",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html"
},
{
"name": "openSUSE-SU-2013:0191",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4966",
"datePublished": "2013-03-12T22:00:00Z",
"dateReserved": "2011-12-23T00:00:00Z",
"dateUpdated": "2024-08-07T00:23:39.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11234
Vulnerability from cvelistv5
Published
2019-04-21 16:36
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 | x_refsource_MISC | |
| https://papers.mathyvanhoef.com/dragonblood.pdf | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/871675/ | x_refsource_MISC | |
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1695783 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3954-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2019:1131 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1142 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
"refsource": "MISC",
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"name": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
},
{
"name": "USN-3954-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11234",
"datePublished": "2019-04-21T16:36:48",
"dateReserved": "2019-04-15T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41859
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | freeradius |
Version: unknown |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41859",
"datePublished": "2023-01-17T00:00:00",
"dateReserved": "2022-09-30T00:00:00",
"dateUpdated": "2024-08-03T12:56:38.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3596
Vulnerability from cvelistv5
Published
2024-07-09 12:02
Modified
2024-08-29 14:32
Severity ?
EPSS score ?
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rfc",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T03:55:37.141738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T20:18:28.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-29T14:32:14.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
},
{
"url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"tags": [
"x_transferred"
],
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.blastradius.fail/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "RFC",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-328: Use of Weak Hash",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:08:23.145Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"url": "https://www.blastradius.fail/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3596",
"datePublished": "2024-07-09T12:02:53.001Z",
"dateReserved": "2024-04-10T15:09:45.391Z",
"dateUpdated": "2024-08-29T14:32:14.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10143
Vulnerability from cvelistv5
Published
2019-05-24 00:00
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | freeradius | freeradius |
Version: affects <= 3.0.19 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freeradius",
"vendor": "freeradius",
"versions": [
{
"lessThanOrEqual": "3.0.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "30"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "29"
}
]
},
{
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_linux",
"vendor": "redhat",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-10143",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:23:06.388705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:24:21.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-4a8eeaf80e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
},
{
"name": "FEDORA-2019-9454ce61b2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
},
{
"name": "RHSA-2019:3353",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3353"
},
{
"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Nov/14"
},
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "freeradius",
"versions": [
{
"status": "affected",
"version": "affects \u003c= 3.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2019-4a8eeaf80e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
},
{
"name": "FEDORA-2019-9454ce61b2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
},
{
"name": "RHSA-2019:3353",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3353"
},
{
"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2019/Nov/14"
},
{
"url": "https://freeradius.org/security/"
},
{
"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10143",
"datePublished": "2019-05-24T00:00:00",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:10:10.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10979
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99901 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10979",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13456
Vulnerability from cvelistv5
Published
2019-12-03 19:53
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://wpa3.mathyvanhoef.com | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1737663 | x_refsource_MISC | |
| https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:25.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpa3.mathyvanhoef.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T17:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpa3.mathyvanhoef.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://wpa3.mathyvanhoef.com",
"refsource": "MISC",
"url": "https://wpa3.mathyvanhoef.com"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
},
{
"name": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
},
{
"name": "openSUSE-SU-2020:0553",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13456",
"datePublished": "2019-12-03T19:53:53",
"dateReserved": "2019-07-09T00:00:00",
"dateUpdated": "2024-08-04T23:49:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41861
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | freeradius |
Version: All versions from 0.0.1 to 3.0.25 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.0.1 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41861",
"datePublished": "2023-01-17T00:00:00",
"dateReserved": "2022-09-30T00:00:00",
"dateUpdated": "2024-08-03T12:56:38.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2028
Vulnerability from cvelistv5
Published
2007-04-13 18:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "oval:org.mitre.oval:def:11156",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156"
},
{
"name": "MDKSA-2007:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085"
},
{
"name": "GLSA-200704-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-14.xml"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "ADV-2007-1369",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1369"
},
{
"name": "RHSA-2007:0338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0338.html"
},
{
"name": "24849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24849"
},
{
"name": "23466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23466"
},
{
"name": "24917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24917"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "SUSE-SR:2007:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_10_sr.html"
},
{
"name": "25201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25201"
},
{
"name": "24907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24907"
},
{
"name": "25220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25220"
},
{
"name": "1018042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "oval:org.mitre.oval:def:11156",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11156"
},
{
"name": "MDKSA-2007:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:085"
},
{
"name": "GLSA-200704-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-14.xml"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "ADV-2007-1369",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1369"
},
{
"name": "RHSA-2007:0338",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0338.html"
},
{
"name": "24849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24849"
},
{
"name": "23466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23466"
},
{
"name": "24917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24917"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "SUSE-SR:2007:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_10_sr.html"
},
{
"name": "25201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25201"
},
{
"name": "24907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24907"
},
{
"name": "25220",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25220"
},
{
"name": "1018042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018042"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-2028",
"datePublished": "2007-04-13T18:00:00",
"dateReserved": "2007-04-13T00:00:00",
"dateUpdated": "2024-08-07T13:23:50.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10987
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99970 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99970"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99970"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99970"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10987",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4744
Vulnerability from cvelistv5
Published
2006-03-28 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:29.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "14775",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14775"
},
{
"name": "20461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security/20050909-response-to-suse.txt"
},
{
"name": "19811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.freeradius.org/security/20050909-vendor-sec.txt"
},
{
"name": "MDKSA-2006:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066"
},
{
"name": "oval:org.mitre.oval:def:10449",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449"
},
{
"name": "DSA-1089",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1089"
},
{
"name": "19497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19497"
},
{
"name": "16712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16712"
},
{
"name": "RHSA-2006:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0271.html"
},
{
"name": "freeradius-token-sqlunixodbc-dos(22211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22211"
},
{
"name": "19518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19518"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20060404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "14775",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14775"
},
{
"name": "20461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security/20050909-response-to-suse.txt"
},
{
"name": "19811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.freeradius.org/security/20050909-vendor-sec.txt"
},
{
"name": "MDKSA-2006:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066"
},
{
"name": "oval:org.mitre.oval:def:10449",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449"
},
{
"name": "DSA-1089",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1089"
},
{
"name": "19497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19497"
},
{
"name": "16712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16712"
},
{
"name": "RHSA-2006:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0271.html"
},
{
"name": "freeradius-token-sqlunixodbc-dos(22211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22211"
},
{
"name": "19518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19518"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4744",
"datePublished": "2006-03-28T11:00:00",
"dateReserved": "2006-03-28T00:00:00",
"dateUpdated": "2024-08-07T23:53:29.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-17185
Vulnerability from cvelistv5
Published
2020-03-21 00:13
Modified
2024-08-05 01:33
Severity ?
EPSS score ?
Summary
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T17:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
},
{
"name": "openSUSE-SU-2020:0553",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17185",
"datePublished": "2020-03-21T00:13:05",
"dateReserved": "2019-10-04T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1377
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/8354.php | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/936683 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/4230 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisory, x_refsource_CERT | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc | vendor-advisory, x_refsource_FREEBSD |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "radius-vendor-attribute-dos(8354)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8354.php"
},
{
"name": "VU#936683",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936683"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "4230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4230"
},
{
"name": "CLA-2002:466",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-06.html"
},
{
"name": "FreeBSD-SN-02:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1377",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4474
Vulnerability from cvelistv5
Published
2008-10-07 21:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/33151 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/32170 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-list, x_refsource_MLIST | |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM | |
| http://uvw.ru/report.lenny.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/30901 | vdb-entry, x_refsource_BID | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.debian.org/debian-devel/2008/08/msg00271.html | mailing-list, x_refsource_MLIST | |
| http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33151"
},
{
"name": "32170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32170"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "30901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389"
},
{
"name": "SUSE-SR:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33151"
},
{
"name": "32170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32170"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "30901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389"
},
{
"name": "SUSE-SR:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33151"
},
{
"name": "32170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32170"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "30901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30901"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389"
},
{
"name": "SUSE-SR:2008:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "[debian-devel] 20080811 Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00271.html"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/freeradius-dialupadmin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4474",
"datePublished": "2008-10-07T21:00:00",
"dateReserved": "2008-10-07T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11235
Vulnerability from cvelistv5
Published
2019-04-21 16:40
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
References
| ▼ | URL | Tags |
|---|---|---|
| https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 | x_refsource_MISC | |
| https://papers.mathyvanhoef.com/dragonblood.pdf | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/871675/ | x_refsource_MISC | |
| https://freeradius.org/security/ | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1695748 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3954-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html | vendor-advisory, x_refsource_SUSE | |
| https://access.redhat.com/errata/RHSA-2019:1131 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1142 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T15:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
"refsource": "MISC",
"url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
},
{
"name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
"refsource": "MISC",
"url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
},
{
"name": "https://www.kb.cert.org/vuls/id/871675/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/871675/"
},
{
"name": "https://freeradius.org/security/",
"refsource": "MISC",
"url": "https://freeradius.org/security/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
},
{
"name": "USN-3954-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3954-1/"
},
{
"name": "openSUSE-SU-2019:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
},
{
"name": "RHSA-2019:1131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1131"
},
{
"name": "RHSA-2019:1142",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1142"
},
{
"name": "openSUSE-SU-2019:1394",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
},
{
"name": "openSUSE-SU-2020:0542",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11235",
"datePublished": "2019-04-21T16:40:32",
"dateReserved": "2019-04-15T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1376
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 04:51
Severity ?
EPSS score ?
Summary
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2002-030.html | vendor-advisory, x_refsource_REDHAT | |
| http://online.securityfocus.com/archive/1/239784 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7534 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/589523 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=101537153021792&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/3530 | vdb-entry, x_refsource_BID | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.cert.org/advisories/CA-2002-06.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:51:08.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2002:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-030.html"
},
{
"name": "20011113 More problems with RADIUS (protocol and implementations)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/239784"
},
{
"name": "radius-message-digest-bo(7534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7534"
},
{
"name": "VU#589523",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/589523"
},
{
"name": "20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101537153021792\u0026w=2"
},
{
"name": "SuSE-SA:2002:013",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html"
},
{
"name": "3530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3530"
},
{
"name": "CLA-2002:466",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000466"
},
{
"name": "CA-2002-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-06.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1376",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-11T00:00:00",
"dateUpdated": "2024-08-08T04:51:08.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1354
Vulnerability from cvelistv5
Published
2006-03-22 02:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml"
},
{
"name": "20060404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "freeradius-eap-mschapv2-auth-bypass(25352)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352"
},
{
"name": "19300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19300"
},
{
"name": "SUSE-SA:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html"
},
{
"name": "17171",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17171"
},
{
"name": "20461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20461"
},
{
"name": "19405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19405"
},
{
"name": "19811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19811"
},
{
"name": "ADV-2006-1016",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1016"
},
{
"name": "oval:org.mitre.oval:def:10156",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "DSA-1089",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1089"
},
{
"name": "1015795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015795"
},
{
"name": "RHSA-2006:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0271.html"
},
{
"name": "19527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19527"
},
{
"name": "2006-0020",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "MDKSA-2006:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060"
},
{
"name": "19518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via \"Insufficient input validation\" in the EAP-MSCHAPv2 state machine module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml"
},
{
"name": "20060404-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "freeradius-eap-mschapv2-auth-bypass(25352)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352"
},
{
"name": "19300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19300"
},
{
"name": "SUSE-SA:2006:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html"
},
{
"name": "17171",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17171"
},
{
"name": "20461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20461"
},
{
"name": "19405",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19405"
},
{
"name": "19811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19811"
},
{
"name": "ADV-2006-1016",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1016"
},
{
"name": "oval:org.mitre.oval:def:10156",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "DSA-1089",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1089"
},
{
"name": "1015795",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015795"
},
{
"name": "RHSA-2006:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2006-0271.html"
},
{
"name": "19527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19527"
},
{
"name": "2006-0020",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "MDKSA-2006:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060"
},
{
"name": "19518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19518"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via \"Insufficient input validation\" in the EAP-MSCHAPv2 state machine module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200604-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml"
},
{
"name": "20060404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "freeradius-eap-mschapv2-auth-bypass(25352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25352"
},
{
"name": "19300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19300"
},
{
"name": "SUSE-SA:2006:019",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html"
},
{
"name": "17171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17171"
},
{
"name": "20461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20461"
},
{
"name": "19405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19405"
},
{
"name": "19811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19811"
},
{
"name": "ADV-2006-1016",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1016"
},
{
"name": "oval:org.mitre.oval:def:10156",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156"
},
{
"name": "http://www.freeradius.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.freeradius.org/security.html"
},
{
"name": "DSA-1089",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1089"
},
{
"name": "1015795",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015795"
},
{
"name": "RHSA-2006:0271",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0271.html"
},
{
"name": "19527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19527"
},
{
"name": "2006-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "MDKSA-2006:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:060"
},
{
"name": "19518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19518"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1354",
"datePublished": "2006-03-22T02:00:00",
"dateReserved": "2006-03-21T00:00:00",
"dateUpdated": "2024-08-07T17:12:20.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2701
Vulnerability from cvelistv5
Published
2011-08-04 01:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/48880 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68782 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2011/07/15/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/07/18/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/45425 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/518974/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html | x_refsource_MISC | |
| http://securityreason.com/securityalert/8325 | third-party-advisory, x_refsource_SREASON | |
| http://securitytracker.com/id?1025833 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.redhat.com/show_bug.cgi?id=724815 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2011/07/20/9 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48880",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48880"
},
{
"name": "freeradius-certificate-security-bypass(68782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
},
{
"name": "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
},
{
"name": "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
},
{
"name": "45425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45425"
},
{
"name": "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
},
{
"name": "8325",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8325"
},
{
"name": "1025833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
},
{
"name": "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48880",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48880"
},
{
"name": "freeradius-certificate-security-bypass(68782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
},
{
"name": "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
},
{
"name": "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
},
{
"name": "45425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45425"
},
{
"name": "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
},
{
"name": "8325",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8325"
},
{
"name": "1025833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
},
{
"name": "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48880"
},
{
"name": "freeradius-certificate-security-bypass(68782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
},
{
"name": "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
},
{
"name": "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
},
{
"name": "45425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45425"
},
{
"name": "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
},
{
"name": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html",
"refsource": "MISC",
"url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
},
{
"name": "8325",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8325"
},
{
"name": "1025833",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025833"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=724815",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
},
{
"name": "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2701",
"datePublished": "2011-08-04T01:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10983
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/99915 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99915"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99915"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99915"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10983",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10978
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/99893 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "99893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99893"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "99893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99893"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "99893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99893"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10978",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10986
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99971 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99971"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99971"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99971"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10986",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0961
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200409-29.xml | vendor-advisory, x_refsource_GENTOO | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/bid/11222 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17440 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/541574 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200409-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "oval:org.mitre.oval:def:10024",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024"
},
{
"name": "11222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/541574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200409-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "oval:org.mitre.oval:def:10024",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024"
},
{
"name": "11222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/541574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200409-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-29.xml"
},
{
"name": "oval:org.mitre.oval:def:10024",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10024"
},
{
"name": "11222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11222"
},
{
"name": "freeradius-dos(17440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17440"
},
{
"name": "VU#541574",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/541574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0961",
"datePublished": "2004-10-20T04:00:00",
"dateReserved": "2004-10-18T00:00:00",
"dateUpdated": "2024-08-08T00:31:48.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8763
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html#eap-pwd-2015 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/08/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freeradius.org/security.html#eap-pwd-2015",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8763",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2016-01-08T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41860
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | freeradius |
Version: All versions from 0.9.3 to 3.0.25 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.9.3 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41860",
"datePublished": "2023-01-17T00:00:00",
"dateReserved": "2022-09-30T00:00:00",
"dateUpdated": "2024-08-03T12:56:38.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4680
Vulnerability from cvelistv5
Published
2017-04-05 17:00
Modified
2024-08-06 06:18
Severity ?
EPSS score ?
Summary
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535810/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/75327 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1234975 | x_refsource_CONFIRM | |
| http://www.ocert.org/advisories/ocert-2015-008.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1032690 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html"
},
{
"name": "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535810/100/0/threaded"
},
{
"name": "75327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2015-008.html"
},
{
"name": "1032690",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032690"
},
{
"name": "SUSE-SU-2017:0102",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html"
},
{
"name": "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535810/100/0/threaded"
},
{
"name": "75327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2015-008.html"
},
{
"name": "1032690",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032690"
},
{
"name": "SUSE-SU-2017:0102",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html"
},
{
"name": "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535810/100/0/threaded"
},
{
"name": "75327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75327"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975"
},
{
"name": "http://www.ocert.org/advisories/ocert-2015-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2015-008.html"
},
{
"name": "1032690",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032690"
},
{
"name": "SUSE-SU-2017:0102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4680",
"datePublished": "2017-04-05T17:00:00",
"dateReserved": "2015-06-19T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8764
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html#eap-pwd-2015 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/08/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freeradius.org/security.html#eap-pwd-2015",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8764",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2016-01-08T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10985
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/99968 | vdb-entry, x_refsource_BID | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "99968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99968"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with \u0027concat\u0027 attributes\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "99968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99968"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with \u0027concat\u0027 attributes\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "99968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99968"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10985",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:56.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3547
Vulnerability from cvelistv5
Published
2012-09-18 17:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:49.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50584"
},
{
"name": "APPLE-SA-2013-10-22-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name": "50637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50637"
},
{
"name": "USN-1585-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1585-1"
},
{
"name": "RHSA-2012:1327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
},
{
"name": "50484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50484"
},
{
"name": "DSA-2546",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2546"
},
{
"name": "55483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55483"
},
{
"name": "1027509",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027509"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
},
{
"name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
},
{
"name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
},
{
"name": "MDVSA-2012:159",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
},
{
"name": "openSUSE-SU-2012:1200",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
},
{
"name": "freeradius-cbtlsverify-bo(78408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
},
{
"name": "RHSA-2012:1326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
},
{
"name": "85325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85325"
},
{
"name": "50770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security.html"
},
{
"name": "FEDORA-2012-15743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "50584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50584"
},
{
"name": "APPLE-SA-2013-10-22-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name": "50637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50637"
},
{
"name": "USN-1585-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1585-1"
},
{
"name": "RHSA-2012:1327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
},
{
"name": "50484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50484"
},
{
"name": "DSA-2546",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2546"
},
{
"name": "55483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55483"
},
{
"name": "1027509",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027509"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
},
{
"name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
},
{
"name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
},
{
"name": "MDVSA-2012:159",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
},
{
"name": "openSUSE-SU-2012:1200",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
},
{
"name": "freeradius-cbtlsverify-bo(78408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
},
{
"name": "RHSA-2012:1326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
},
{
"name": "85325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85325"
},
{
"name": "50770",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security.html"
},
{
"name": "FEDORA-2012-15743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50584"
},
{
"name": "APPLE-SA-2013-10-22-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name": "50637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50637"
},
{
"name": "USN-1585-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1585-1"
},
{
"name": "RHSA-2012:1327",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
},
{
"name": "50484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50484"
},
{
"name": "DSA-2546",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2546"
},
{
"name": "55483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55483"
},
{
"name": "1027509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027509"
},
{
"name": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt",
"refsource": "MISC",
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
},
{
"name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
},
{
"name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
},
{
"name": "MDVSA-2012:159",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
},
{
"name": "openSUSE-SU-2012:1200",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
},
{
"name": "freeradius-cbtlsverify-bo(78408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
},
{
"name": "RHSA-2012:1326",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
},
{
"name": "85325",
"refsource": "OSVDB",
"url": "http://osvdb.org/85325"
},
{
"name": "50770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50770"
},
{
"name": "http://freeradius.org/security.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security.html"
},
{
"name": "FEDORA-2012-15743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3547",
"datePublished": "2012-09-18T17:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:49.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1455
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_14_sr.html | vendor-advisory, x_refsource_SUSE | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/alerts/2005/May/1013909.html | vdb-entry, x_refsource_SECTRACK | |
| http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html | mailing-list, x_refsource_FULLDISC | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2005-524.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/13541 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20450 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"
},
{
"name": "oval:org.mitre.oval:def:9579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579"
},
{
"name": "1013909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"
},
{
"name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "GLSA-200505-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"
},
{
"name": "RHSA-2005:524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"
},
{
"name": "13541",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13541"
},
{
"name": "freeradius-sqlescapefunc-bo(20450)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2005:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"
},
{
"name": "oval:org.mitre.oval:def:9579",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9579"
},
{
"name": "1013909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"
},
{
"name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "GLSA-200505-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"
},
{
"name": "RHSA-2005:524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"
},
{
"name": "13541",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13541"
},
{
"name": "freeradius-sqlescapefunc-bo(20450)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20450"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1455",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-05T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10980
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/99905 | vdb-entry, x_refsource_BID | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "99905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99905"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10980",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10981
Vulnerability from cvelistv5
Published
2017-07-17 16:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entry, x_refsource_SECTRACK | |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisory, x_refsource_DEBIAN | |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99898 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99898",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99898",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10981",
"datePublished": "2017-07-17T16:00:00",
"dateReserved": "2017-07-06T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9148
Vulnerability from cvelistv5
Published
2017-05-29 17:00
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html | x_refsource_MISC | |
| http://seclists.org/oss-sec/2017/q2/422 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2017:1581 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1038576 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/98734 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201706-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://freeradius.org/security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q2/422"
},
{
"name": "RHSA-2017:1581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1581"
},
{
"name": "1038576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038576"
},
{
"name": "98734",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98734"
},
{
"name": "GLSA-201706-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://freeradius.org/security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/oss-sec/2017/q2/422"
},
{
"name": "RHSA-2017:1581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1581"
},
{
"name": "1038576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038576"
},
{
"name": "98734",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98734"
},
{
"name": "GLSA-201706-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freeradius.org/security.html",
"refsource": "MISC",
"url": "http://freeradius.org/security.html"
},
{
"name": "http://seclists.org/oss-sec/2017/q2/422",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2017/q2/422"
},
{
"name": "RHSA-2017:1581",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1581"
},
{
"name": "1038576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038576"
},
{
"name": "98734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98734"
},
{
"name": "GLSA-201706-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9148",
"datePublished": "2017-05-29T17:00:00",
"dateReserved": "2017-05-22T00:00:00",
"dateUpdated": "2024-08-05T16:55:22.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4746
Vulnerability from cvelistv5
Published
2006-03-28 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/17293 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:092 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.osvdb.org/19325 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/19324 | vdb-entry, x_refsource_OSVDB | |
| http://www.debian.org/security/2006/dsa-1145 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:066 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:29.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17293",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17293"
},
{
"name": "MDKSA-2007:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092"
},
{
"name": "19325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19325"
},
{
"name": "19324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19324"
},
{
"name": "DSA-1145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "MDKSA-2006:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors \"while expanding %t\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "17293",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17293"
},
{
"name": "MDKSA-2007:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092"
},
{
"name": "19325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19325"
},
{
"name": "19324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19324"
},
{
"name": "DSA-1145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "MDKSA-2006:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:066"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4746",
"datePublished": "2006-03-28T11:00:00",
"dateReserved": "2006-03-28T00:00:00",
"dateUpdated": "2024-08-07T23:53:29.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4745
Vulnerability from cvelistv5
Published
2006-03-28 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:092 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.debian.org/security/2006/dsa-1145 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/17294 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/19323 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2007:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092"
},
{
"name": "DSA-1145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "17294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17294"
},
{
"name": "19323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDKSA-2007:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:092"
},
{
"name": "DSA-1145",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "17294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17294"
},
{
"name": "19323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19323"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4745",
"datePublished": "2006-03-28T11:00:00",
"dateReserved": "2006-03-28T00:00:00",
"dateUpdated": "2024-08-07T23:53:28.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0318
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101440113410083&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9968.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:29.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020221 DoS Attack against many RADIUS servers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440113410083\u0026w=2"
},
{
"name": "freeradius-access-request-dos(9968)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9968.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020221 DoS Attack against many RADIUS servers",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101440113410083\u0026w=2"
},
{
"name": "freeradius-access-request-dos(9968)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9968.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020221 DoS Attack against many RADIUS servers",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101440113410083\u0026w=2"
},
{
"name": "freeradius-access-request-dos(9968)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9968.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0318",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:29.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1454
Vulnerability from cvelistv5
Published
2005-05-19 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_14_sr.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/13540 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/alerts/2005/May/1013909.html | vdb-entry, x_refsource_SECTRACK | |
| http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html | mailing-list, x_refsource_FULLDISC | |
| http://www.freeradius.org/security.html | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.redhat.com/support/errata/RHSA-2005-524.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20449 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"
},
{
"name": "13540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13540"
},
{
"name": "oval:org.mitre.oval:def:9610",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610"
},
{
"name": "1013909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"
},
{
"name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "GLSA-200505-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"
},
{
"name": "RHSA-2005:524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"
},
{
"name": "freeradius-xlat-sql-injection(20449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2005:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_14_sr.html"
},
{
"name": "13540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13540"
},
{
"name": "oval:org.mitre.oval:def:9610",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9610"
},
{
"name": "1013909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/May/1013909.html"
},
{
"name": "20050520 ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0492.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "GLSA-200505-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml"
},
{
"name": "RHSA-2005:524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-524.html"
},
{
"name": "freeradius-xlat-sql-injection(20449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20449"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1454",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-05T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3697
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/41621 | third-party-advisory, x_refsource_SECUNIA | |
| http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223 | x_refsource_CONFIRM | |
| https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/10/01/3 | mailing-list, x_refsource_MLIST | |
| http://freeradius.org/press/index.html#2.1.10 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=639397 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/10/01/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35"
},
{
"name": "[oss-security] 20101001 CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/press/index.html#2.1.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639397"
},
{
"name": "[oss-security] 20101001 Re: CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-07T20:21:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "41621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/alandekok/freeradius-server/commit/ff94dd35673bba1476594299d31ce8293b8bd223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35"
},
{
"name": "[oss-security] 20101001 CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/press/index.html#2.1.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639397"
},
{
"name": "[oss-security] 20101001 Re: CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3697",
"datePublished": "2010-10-07T20:21:00Z",
"dateReserved": "2010-10-01T00:00:00Z",
"dateUpdated": "2024-08-07T03:18:52.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0080
Vulnerability from cvelistv5
Published
2007-01-05 11:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/32082 | vdb-entry, x_refsource_OSVDB | |
| http://www.freeradius.org/security.html | x_refsource_MISC | |
| http://www.attrition.org/pipermail/vim/2007-February/001304.html | mailing-list, x_refsource_VIM | |
| http://securitytracker.com/id?1017463 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31248 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/455678/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/455812/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32082"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "20070211 FreeRADIUS dispute of CVE-2007-0080",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-February/001304.html"
},
{
"name": "1017463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017463"
},
{
"name": "freeradius-smbconnectserver-bo(31248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248"
},
{
"name": "20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455678/100/0/threaded"
},
{
"name": "20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455812/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited \"only to local administrators who have write access to the server configuration files.\" CVE concurs with the dispute"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32082",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32082"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.freeradius.org/security.html"
},
{
"name": "20070211 FreeRADIUS dispute of CVE-2007-0080",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-February/001304.html"
},
{
"name": "1017463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017463"
},
{
"name": "freeradius-smbconnectserver-bo(31248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248"
},
{
"name": "20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455678/100/0/threaded"
},
{
"name": "20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455812/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited \"only to local administrators who have write access to the server configuration files.\" CVE concurs with the dispute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32082",
"refsource": "OSVDB",
"url": "http://osvdb.org/32082"
},
{
"name": "http://www.freeradius.org/security.html",
"refsource": "MISC",
"url": "http://www.freeradius.org/security.html"
},
{
"name": "20070211 FreeRADIUS dispute of CVE-2007-0080",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-February/001304.html"
},
{
"name": "1017463",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017463"
},
{
"name": "freeradius-smbconnectserver-bo(31248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31248"
},
{
"name": "20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455678/100/0/threaded"
},
{
"name": "20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455812/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0080",
"datePublished": "2007-01-05T11:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3696
Vulnerability from cvelistv5
Published
2010-10-07 20:21
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41621 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2010/10/01/3 | mailing-list, x_refsource_MLIST | |
| http://freeradius.org/press/index.html#2.1.10 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/10/01/8 | mailing-list, x_refsource_MLIST | |
| https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=639390 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:52.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279"
},
{
"name": "41621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41621"
},
{
"name": "[oss-security] 20101001 CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/press/index.html#2.1.10"
},
{
"name": "[oss-security] 20101001 Re: CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-07T20:21:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279"
},
{
"name": "41621",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41621"
},
{
"name": "[oss-security] 20101001 CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/press/index.html#2.1.10"
},
{
"name": "[oss-security] 20101001 Re: CVE request: freeradius",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639390"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3696",
"datePublished": "2010-10-07T20:21:00Z",
"dateReserved": "2010-10-01T00:00:00Z",
"dateUpdated": "2024-08-07T03:18:52.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8762
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://freeradius.org/security.html#eap-pwd-2015 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/08/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freeradius.org/security.html#eap-pwd-2015",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security.html#eap-pwd-2015"
},
{
"name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8762",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2016-01-08T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}