Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | freeradius security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-3930 | First vendor Publication | 2017-08-10 |
| Vendor | Debian | Last vendor Modification | 2017-08-10 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All those issues are covered by this single DSA, but it's worth noting that not all issues affect all releases: - CVE-2017-10978 and CVE-2017-10983 affect both jessie and stretch - CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and CVE-2017-10982 affect only jessie - CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and CVE-2017-10987 affect only stretch. For the oldstable distribution (jessie), these problems have been fixed in version 2.2.5+dfsg-0.2+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 3.0.12+dfsg-5+deb9u1. We recommend that you upgrade your freeradius packages. |
Original Source
| Url : http://www.debian.org/security/2017/dsa-3930 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 25 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 25 % | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 25 % | CWE-125 | Out-of-bounds Read |
| 25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51233 - Revision : 1 - Type : SERVER-OTHER |
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51232 - Revision : 1 - Type : SERVER-OTHER |
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51231 - Revision : 1 - Type : SERVER-OTHER |
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51230 - Revision : 1 - Type : SERVER-OTHER |
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51229 - Revision : 1 - Type : SERVER-OTHER |
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51228 - Revision : 1 - Type : SERVER-OTHER |
| 2019-09-24 | FreeRADIUS DHCP string options integer underflow attempt RuleID : 51227 - Revision : 1 - Type : SERVER-OTHER |
| 2017-10-10 | FreeRADIUS data2vp_wimax out of bounds write attempt RuleID : 44293 - Revision : 3 - Type : SERVER-OTHER |
| 2017-09-26 | FreeRADIUS invalid WiMAX VSA length out of bounds write attempt RuleID : 44085 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-11-27 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-1759.nasl - Type : ACT_GATHER_INFO |
| 2017-10-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1192.nasl - Type : ACT_GATHER_INFO |
| 2017-09-28 | Name : The remote host is missing a security update for macOS Server. File : macos_server_5_4.nasl - Type : ACT_GATHER_INFO |
| 2017-09-08 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1168.nasl - Type : ACT_GATHER_INFO |
| 2017-09-08 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1167.nasl - Type : ACT_GATHER_INFO |
| 2017-08-29 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-972.nasl - Type : ACT_GATHER_INFO |
| 2017-08-28 | Name : The remote Debian host is missing a security update. File : debian_DLA-1064.nasl - Type : ACT_GATHER_INFO |
| 2017-08-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-2389.nasl - Type : ACT_GATHER_INFO |
| 2017-08-24 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2244-1.nasl - Type : ACT_GATHER_INFO |
| 2017-08-24 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2243-1.nasl - Type : ACT_GATHER_INFO |
| 2017-08-22 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170802_freeradius_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
| 2017-08-18 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2202-1.nasl - Type : ACT_GATHER_INFO |
| 2017-08-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3930.nasl - Type : ACT_GATHER_INFO |
| 2017-08-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-2389.nasl - Type : ACT_GATHER_INFO |
| 2017-08-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-865.nasl - Type : ACT_GATHER_INFO |
| 2017-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2389.nasl - Type : ACT_GATHER_INFO |
| 2017-07-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-3369-1.nasl - Type : ACT_GATHER_INFO |
| 2017-07-28 | Name : The remote Fedora host is missing a security update. File : fedora_2017-24c64c531a.nasl - Type : ACT_GATHER_INFO |
| 2017-07-28 | Name : The remote Fedora host is missing a security update. File : fedora_2017-0d726dbed3.nasl - Type : ACT_GATHER_INFO |
| 2017-07-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-1759.nasl - Type : ACT_GATHER_INFO |
| 2017-07-19 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170718_freeradius_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2017-07-19 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-1759.nasl - Type : ACT_GATHER_INFO |
| 2017-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-1759.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2017-08-12 13:24:55 |
|
| 2017-08-10 17:22:20 |
|
