Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-79BBEC7E-8141-11E7-B5AF-A4BADB2F4699: FreeRadius -- Multiple vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-79BBEC7E-8141-11E7-B5AF-A4BADB2F4699: FreeRadius -- Multiple vulnerabilities

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/17/2017
Created
07/25/2018
Added
08/15/2017
Modified
09/19/2017

Description

Guido Vranken reports:

Multiple vulnerabilities found via fuzzing:

FR-GV-201 (v2,v3) Read / write overflow in make_secret()

FR-GV-202 (v2) Write overflow in rad_coalesce()

FR-GV-203 (v2) DHCP - Memory leak in decode_tlv()

FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode()

FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options()

FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63

FR-GV-207 (v2) Zero-length malloc in data2vp()

FR-GV-301 (v3) Write overflow in data2vp_wimax()

FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes

FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()

FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()

FR-GV-305 (v3) Decode 'signed' attributes correctly

FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data

FR-AD-002 (v3) String lifetime issues in rlm_python

FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare

Solution(s)

  • freebsd-upgrade-package-freeradius3

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;