Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
CVE-2011-2701 | 1 Freeradius | 1 Freeradius | 2018-10-09 | 5.8 MEDIUM | N/A |
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. | |||||
CVE-2017-9148 | 1 Freeradius | 1 Freeradius | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. | |||||
CVE-2017-10984 | 1 Freeradius | 1 Freeradius | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |||||
CVE-2017-10983 | 1 Freeradius | 1 Freeradius | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | |||||
CVE-2017-10979 | 1 Freeradius | 1 Freeradius | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |||||
CVE-2014-2015 | 1 Freeradius | 1 Freeradius | 2018-01-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | |||||
CVE-2007-2028 | 1 Freeradius | 1 Freeradius | 2017-10-10 | 5.0 MEDIUM | N/A |
Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. | |||||
CVE-2005-1455 | 1 Freeradius | 1 Freeradius | 2017-10-10 | 7.5 HIGH | N/A |
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). | |||||
CVE-2005-1454 | 1 Freeradius | 1 Freeradius | 2017-10-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. | |||||
CVE-2006-1354 | 1 Freeradius | 1 Freeradius | 2017-10-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. | |||||
CVE-2003-0967 | 1 Freeradius | 1 Freeradius | 2017-10-10 | 5.0 MEDIUM | N/A |
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. | |||||
CVE-2004-0960 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2017-10-10 | 5.0 MEDIUM | N/A |
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. | |||||
CVE-2004-0961 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2017-10-10 | 5.0 MEDIUM | N/A |
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. | |||||
CVE-2004-0938 | 1 Freeradius | 1 Freeradius | 2017-10-10 | 5.0 MEDIUM | N/A |
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. | |||||
CVE-2009-3111 | 1 Freeradius | 1 Freeradius | 2017-09-18 | 5.0 MEDIUM | N/A |
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967. | |||||
CVE-2012-3547 | 1 Freeradius | 1 Freeradius | 2017-08-28 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. | |||||
CVE-2015-8762 | 1 Freeradius | 1 Freeradius | 2017-03-30 | 4.3 MEDIUM | 5.9 MEDIUM |
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. | |||||
CVE-2015-8764 | 1 Freeradius | 1 Freeradius | 2017-03-30 | 6.8 MEDIUM | 8.1 HIGH |
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | |||||
CVE-2015-8763 | 1 Freeradius | 1 Freeradius | 2017-03-30 | 6.8 MEDIUM | 8.1 HIGH |
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. |