VuXML ID | Description |
1a216dfd-f710-11da-9156-000e0c2e438a | freeradius -- authentication bypass vulnerability
The freeradius development team reports:
A validation issue exists with the EAP-MSCHAPv2 module
in all versions from 1.0.0 (where the module first
appeared) to 1.1.0. Insufficient input validation was being
done in the EAP-MSCHAPv2 state machine. A malicious
attacker could manipulate their EAP-MSCHAPv2 client state
machine to potentially convince the server to bypass
authentication checks. This bypassing could also result
in the server crashing.
Discovery 2006-06-03 Entry 2006-06-08 freeradius
gt 1.0.0 le 1.1.0
17293
CVE-2006-1354
|
1b3f854b-e4bd-11de-b276-000d8787e1be | freeradius -- remote packet of death vulnerability
freeRADIUS Vulnerability Notifications reports:
2009.09.09 v1.1.7 - Anyone who can send packets to
the server can crash it by sending a Tunnel-Password
attribute in an Access-Request packet. This
vulnerability is not otherwise exploitable. We have
released 1.1.8 to correct this vulnerability.
This issue is similar to the previous Tunnel-Password
issue noted below. The vulnerable versions are 1.1.3
through 1.1.7. Version 2.x is not affected.
Discovery 2009-09-09 Entry 2009-12-14 Modified 2009-12-14 freeradius
< 1.1.8
CVE-2009-3111
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111
http://freeradius.org/security.html
http://www.milw0rm.com/exploits/9642
|
20dfd134-1d39-11d9-9be9-000c6e8f12ef | freeradius -- denial-of-service vulnerability
A remote attacker may be able to crash the freeRADIUS Server
due to three independent bugs in the function which does
improper checking of values while processing RADIUS
attributes.
Discovery 2004-09-20 Entry 2004-10-13 Modified 2004-10-19 freeradius
ge 0.8.0 lt 1.0.1
CVE-2004-0938
CVE-2004-0960
CVE-2004-0961
http://www.securitytracker.com/alerts/2004/Sep/1011364.html
541574
11222
|
2fbe16c2-cab6-11d9-9aed-000e0c2e438a | freeradius -- sql injection and denial of service vulnerability
A Gentoo Advisory reports:
The FreeRADIUS server is vulnerable to an SQL injection
attack and a buffer overflow, possibly resulting in
disclosure and modification of data and Denial of
Service.
Discovery 2005-05-17 Entry 2005-05-22 Modified 2008-01-20 freeradius
le 1.0.2_1
freeradius-devel
le 1.0.2
13540
13541
http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml
|
37a5c10f-bf56-11da-b0e9-00123ffe8333 | freeradius -- EAP-MSCHAPv2 Authentication Bypass
Freeradius Security Contact reports:
Insufficient input validation was being done in the
EAP-MSCHAPv2 state machine. A malicious attacker could
manipulate their EAP-MSCHAPv2 client state machine to
potentially convince the server to bypass authentication
checks. This bypassing could also result in the server
crashing.
Discovery 2006-03-21 Entry 2006-03-29 freeradius
ge 1.0.0 lt 1.1.1
CVE-2006-1354
http://www.freeradius.org/security.html#1.1.0
http://secunia.com/advisories/19300/
|
3bbbe3aa-fbeb-11e1-8bd8-0022156e8794 | freeradius -- arbitrary code execution for TLS-based authentication
freeRADIUS security team reports:
Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12.
The issue was found by Timo Warns, and communicated to
security@freeradius.org. A sample exploit for the issue was
included in the notification.
The vulnerability was created in commit a368a6f4f4aaf on
August 18, 2010. Vulnerable versions include 2.1.10, 2.1.11,
and 2.1.12. Also anyone running the git "master" branch
after August 18, 2010 is vulnerable.
All sites using TLS-based EAP methods and the above
versions are vulnerable. The only configuration change which
can avoid the issue is to disable EAP-TLS, EAP-TTLS, and
PEAP.
An external attacker can use this vulnerability to
over-write the stack frame of the RADIUS server, and cause
it to crash. In addition, more sophisticated attacks may
gain additional privileges on the system running the RADIUS
server.
This attack does not require local network access to the
RADIUS server. It can be done by an attacker through a WiFi
Access Point, so long as the Access Point is configured to
use 802.1X authentication with the RADIUS server.
Discovery 2012-09-10 Entry 2012-09-11 Modified 2012-09-11 freeradius
ge 2.1.10 lt 2.1.12_2
CVE-2012-3547
http://freeradius.org/security.html
http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt
|
673dce46-46d0-11e7-a539-0050569f7e80 | FreeRADIUS -- TLS resumption authentication bypass
Stefan Winter reports:
The TLS session cache in FreeRADIUS before 3.0.14 fails to
reliably prevent resumption of an unauthenticated session, which
allows remote attackers (such as malicious 802.1X supplicants) to
bypass authentication via PEAP or TTLS.
Discovery 2017-02-03 Entry 2017-06-01 freeradius
freeradius2
freeradius3
< 3.0.14
CVE-2017-9148
http://freeradius.org/security.html
http://seclists.org/oss-sec/2017/q2/342
http://www.securityfocus.com/bid/98734
|
c110eda2-e995-11db-a944-0012f06707f0 | freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
The freeradius development team reports:
A malicious 802.1x supplicant could send malformed Diameter format
attributes inside of an EAP-TTLS tunnel. The server would reject
the authentication request, but would leak one VALUE_PAIR data
structure, of approximately 300 bytes. If an attacker performed
the attack many times (e.g. thousands or more over a period of
minutes to hours), the server could leak megabytes of memory,
potentially leading to an "out of memory" condition, and early
process exit.
Discovery 2007-04-10 Entry 2007-04-13 Modified 2010-05-12 freeradius
freeradius-mysql
le 1.1.5
23466
CVE-2005-1455
CVE-2005-1454
CVE-2007-2028
CVE-2005-4745
http://www.freeradius.org/security.html
|
ec2f2ff5-f710-11da-9156-000e0c2e438a | freeradius -- multiple vulnerabilities
The freeradius development team reports:
Multiple issues exist with version 1.0.4, and all prior
versions of the server. Externally exploitable
vulnerabilities exist only for sites that use the
rlm_sqlcounter module. Those sites may be vulnerable to
SQL injection attacks, similar to the issues noted below.
All sites that have not deployed the rlm_sqlcounter module
are not vulnerable to external exploits.
The issues are:
SQL Injection attack in the rlm_sqlcounter module.
Buffer overflow in the rlm_sqlcounter module, that may cause a server crash.
Buffer overflow while expanding %t, that may cause a server crash.
Discovery 2005-09-09 Entry 2006-06-08 freeradius
ge 1.0.0 le 1.0.4
17171
CVE-2005-4744
|