Guido Vranken reports:
Multiple vulnerabilities found via fuzzing:
FR-GV-201 (v2,v3) Read / write overflow in make_secret()
FR-GV-202 (v2) Write overflow in rad_coalesce()
FR-GV-203 (v2) DHCP - Memory leak in decode_tlv()
FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode()
FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options()
FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
FR-GV-207 (v2) Zero-length malloc in data2vp()
FR-GV-301 (v3) Write overflow in data2vp_wimax()
FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
FR-GV-305 (v3) Decode 'signed' attributes correctly
FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data
FR-AD-002 (v3) String lifetime issues in rlm_python
FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare