Summary
Detail | | | |
---|---|---|---|
Vendor | Freeradius | First view | 2003-12-15 |
Product | Freeradius | Last view | 2023-01-17 |
Version | 0.4 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:freeradius:freeradius | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
6.5 | 2023-01-17 | CVE-2022-41861 | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash. |
7.5 | 2023-01-17 | CVE-2022-41860 | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash. |
7.5 | 2023-01-17 | CVE-2022-41859 | In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. |
7.5 | 2020-03-21 | CVE-2019-17185 | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. |
6.5 | 2019-12-03 | CVE-2019-13456 | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. |
7 | 2019-05-24 | CVE-2019-10143 | It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." |
9.8 | 2019-04-22 | CVE-2019-11235 | FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. |
9.8 | 2019-04-22 | CVE-2019-11234 | FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. |
7.5 | 2017-07-17 | CVE-2017-10978 | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. |
6 | 2013-03-12 | CVE-2011-4966 | modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. |
5 | 2009-09-09 | CVE-2009-3111 | The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. |
5 | 2007-04-13 | CVE-2007-2028 | Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. |
6.6 | 2007-01-05 | CVE-2007-0080 | Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute. |
5 | 2005-02-09 | CVE-2004-0961 | Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. |
5 | 2005-02-09 | CVE-2004-0960 | FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. |
5 | 2004-11-03 | CVE-2004-0938 | FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. |
10 | 2003-12-15 | CVE-2003-0968 | Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. |
5 | 2003-12-15 | CVE-2003-0967 | rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
16% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
8% (1) | CWE-662 | Insufficient Synchronization |
8% (1) | CWE-522 | Insufficiently Protected Credentials |
8% (1) | CWE-476 | NULL Pointer Dereference |
8% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
8% (1) | CWE-287 | Improper Authentication |
8% (1) | CWE-266 | Incorrect Privilege Assignment |
8% (1) | CWE-255 | Credentials Management |
8% (1) | CWE-250 | Execution with Unnecessary Privileges |
8% (1) | CWE-203 | Information Exposure Through Discrepancy |
8% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
57897 | FreeRADIUS radiusd rad_decode Function Zero-length Tunnel-Password Attribute ... |
34912 | FreeRADIUS Malformed EAP-TTLS Connections Memory Exhaustion Remote DoS |
32082 | FreeRADIUS SMB_Connect_Server Function SMB_Handle_Type Instance Remote Overflow |
11807 | FreeRADIUS Malformed USR VSA DoS |
11806 | FreeRADIUS Access-Request Packet Memory Leak DoS |
10178 | FreeRADIUS Ascend-Send-Secret Processing Remote DoS |
10086 | FreeRADIUS rlm_smb Module SMB_Logon_Server Remote Overflow |
2850 | FreeRADIUS Tagged Attribute Handling DoS |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for freeradius CESA-2009:1451 centos5 i386 File : nvt/gb_CESA-2009_1451_freeradius_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2010-01-15 | Name : Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius) File : nvt/gb_mandriva_MDVSA_2009_227_1.nasl |
2009-12-30 | Name : FreeBSD Ports: freeradius File : nvt/freebsd_freeradius5.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1451 (freeradius) File : nvt/ovcesa2009_1451.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-13 | Name : SLES10: Security update for freeradius File : nvt/sles10_freeradius.nasl |
2009-10-10 | Name : SLES9: Security update for freeradius File : nvt/sles9p5059720.nasl |
2009-10-10 | Name : SLES9: Security update for freeradius File : nvt/sles9p5020911.nasl |
2009-10-10 | Name : SLES9: Security update for freeradius File : nvt/sles9p5017148.nasl |
2009-09-23 | Name : FreeRADIUS Tunnel-Password Denial Of Service Vulnerability File : nvt/secpod_freeradius_tunnel_password_dos_vuln.nasl |
2009-09-21 | Name : Ubuntu USN-832-1 (freeradius) File : nvt/ubuntu_832_1.nasl |
2009-09-21 | Name : RedHat Security Advisory RHSA-2009:1451 File : nvt/RHSA_2009_1451.nasl |
2009-04-09 | Name : Mandriva Update for freeradius MDKSA-2007:085 (freeradius) File : nvt/gb_mandriva_MDKSA_2007_085.nasl |
2009-02-27 | Name : Fedora Update for freeradius FEDORA-2007-499 File : nvt/gb_fedora_2007_499_freeradius_fc6.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200704-14 (FreeRADIUS) File : nvt/glsa_200704_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-29 (FreeRADIUS) File : nvt/glsa_200409_29.nasl |
2008-09-04 | Name : FreeBSD Ports: freeradius, freeradius-mysql File : nvt/freebsd_freeradius4.nasl |
2008-09-04 | Name : FreeBSD Ports: freeradius File : nvt/freebsd_freeradius.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-19 | FreeRadius malformed service type field denial of service attempt RuleID : 51085 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | FreeRADIUS RADIUS server rad_decode remote denial of service attempt RuleID : 16209 - Type : SERVER-OTHER - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1759.nasl - Type: ACT_GATHER_INFO |
2017-10-26 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1192.nasl - Type: ACT_GATHER_INFO |
2017-09-28 | Name: The remote host is missing a security update for macOS Server. File: macos_server_5_4.nasl - Type: ACT_GATHER_INFO |
2017-09-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1168.nasl - Type: ACT_GATHER_INFO |
2017-09-08 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1167.nasl - Type: ACT_GATHER_INFO |
2017-08-29 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-972.nasl - Type: ACT_GATHER_INFO |
2017-08-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1064.nasl - Type: ACT_GATHER_INFO |
2017-08-25 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-2389.nasl - Type: ACT_GATHER_INFO |
2017-08-24 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2244-1.nasl - Type: ACT_GATHER_INFO |
2017-08-24 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2243-1.nasl - Type: ACT_GATHER_INFO |
2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170802_freeradius_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
2017-08-18 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2202-1.nasl - Type: ACT_GATHER_INFO |
2017-08-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3930.nasl - Type: ACT_GATHER_INFO |
2017-08-10 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-2389.nasl - Type: ACT_GATHER_INFO |
2017-08-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-865.nasl - Type: ACT_GATHER_INFO |
2017-08-02 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2389.nasl - Type: ACT_GATHER_INFO |
2017-07-28 | Name: The remote Fedora host is missing a security update. File: fedora_2017-0d726dbed3.nasl - Type: ACT_GATHER_INFO |
2017-07-28 | Name: The remote Fedora host is missing a security update. File: fedora_2017-24c64c531a.nasl - Type: ACT_GATHER_INFO |
2017-07-28 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3369-1.nasl - Type: ACT_GATHER_INFO |
2017-07-20 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1759.nasl - Type: ACT_GATHER_INFO |
2017-07-19 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170718_freeradius_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2017-07-19 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1759.nasl - Type: ACT_GATHER_INFO |
2017-07-18 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1759.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-37.nasl - Type: ACT_GATHER_INFO |
2014-02-27 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2122-1.nasl - Type: ACT_GATHER_INFO |