Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3930-1:A64AC
HistoryAug 10, 2017 - 2:48 p.m.

[SECURITY] [DSA 3930-1] freeradius security update

2017-08-1014:48:43
lists.debian.org
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Debian Security Advisory DSA-3930-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
August 10, 2017 https://www.debian.org/security/faq

Package : freeradius
CVE ID : CVE-2017-10978 CVE-2017-10979 CVE-2017-10980 CVE-2017-10981
CVE-2017-10982 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985
CVE-2017-10986 CVE-2017-10987
Debian Bug : 868765

Guido Vranken discovered that FreeRADIUS, an open source
implementation of RADIUS, the IETF protocol for AAA (Authorisation,
Authentication, and Accounting), did not properly handle memory when
processing packets. This would allow a remote attacker to cause a
denial-of-service by application crash, or potentially execute
arbitrary code.

All those issues are covered by this single DSA, but it's worth noting
that not all issues affect all releases:

  • CVE-2017-10978 and CVE-2017-10983 affect both jessie and stretch

  • CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and CVE-2017-10982
    affect only jessie

  • CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and CVE-2017-10987
    affect only stretch.

For the oldstable distribution (jessie), these problems have been fixed
in version 2.2.5+dfsg-0.2+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 3.0.12+dfsg-5+deb9u1.

We recommend that you upgrade your freeradius packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8i386freeradius-ldap< 2.2.5+dfsg-0.2+deb8u1freeradius-ldap_2.2.5+dfsg-0.2+deb8u1_i386.deb
Debian8mipselfreeradius-ldap< 2.2.5+dfsg-0.2+deb8u1freeradius-ldap_2.2.5+dfsg-0.2+deb8u1_mipsel.deb
Debian8mipselfreeradius-iodbc< 2.2.5+dfsg-0.2+deb8u1freeradius-iodbc_2.2.5+dfsg-0.2+deb8u1_mipsel.deb
Debian8powerpcfreeradius-mysql< 2.2.5+dfsg-0.2+deb8u1freeradius-mysql_2.2.5+dfsg-0.2+deb8u1_powerpc.deb
Debian9i386freeradius-postgresql-dbgsym< 3.0.12+dfsg-5+deb9u1freeradius-postgresql-dbgsym_3.0.12+dfsg-5+deb9u1_i386.deb
Debian9arm64libfreeradius-dev< 3.0.12+dfsg-5+deb9u1libfreeradius-dev_3.0.12+dfsg-5+deb9u1_arm64.deb
Debian9i386libfreeradius-dev< 3.0.12+dfsg-5+deb9u1libfreeradius-dev_3.0.12+dfsg-5+deb9u1_i386.deb
Debian9s390xfreeradius-dhcp-dbgsym< 3.0.12+dfsg-5+deb9u1freeradius-dhcp-dbgsym_3.0.12+dfsg-5+deb9u1_s390x.deb
Debian9mips64elfreeradius-krb5< 3.0.12+dfsg-5+deb9u1freeradius-krb5_3.0.12+dfsg-5+deb9u1_mips64el.deb
Debian9armhffreeradius-krb5< 3.0.12+dfsg-5+deb9u1freeradius-krb5_3.0.12+dfsg-5+deb9u1_armhf.deb
Rows per page:
1-10 of 4471

Related

nessus 24
openvas 16
ubuntu 1
debian 2
mageia 1
centos 2
oraclelinux 2
redhat 2
osv 12
amazon 1
archlinux 1
fedora 2
suse 2
apple 2
veracode 6
ubuntucve 10
prion 10
debiancve 10
cve 10
checkpoint_advisories 2
redhatcve 10
nessus
nessus
Debian DSA-3930-1 : freeradius - security update
2017-08-11 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : FreeRADIUS vulnerabilities (USN-3369-1)
2017-07-28 00:00:00
Fedora 26 : freeradius (2017-0d726dbed3)
2017-07-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3930-1)
2017-08-09 00:00:00
Ubuntu: Security Advisory (USN-3369-1)
2017-07-28 00:00:00
Mageia: Security Advisory (MGASA-2017-0232)
2022-01-28 00:00:00
ubuntu
ubuntu
FreeRADIUS vulnerabilities
2017-07-27 00:00:00
debian
debian
[SECURITY] [DSA 3930-1] freeradius security update
2017-08-10 14:48:43
[SECURITY] [DLA 1064-1] freeradius security update
2017-08-25 17:46:20
mageia
mageia
Updated freeradius packages fix security vulnerabilities
2017-07-30 18:58:51
centos
centos
freeradius security update
2017-08-24 09:43:49
freeradius security update
2017-07-19 14:29:47
oraclelinux
oraclelinux
freeradius security update
2017-07-18 00:00:00
freeradius security update
2017-08-09 00:00:00
redhat
redhat
(RHSA-2017:1759) Important: freeradius security update
2017-07-18 02:27:56
(RHSA-2017:2389) Important: freeradius security update
2017-08-01 14:36:42
osv
osv
freeradius - security update
2017-08-25 00:00:00
freeradius - security update
2017-08-10 00:00:00
CVE-2017-10980
2017-07-17 17:29:00
amazon
amazon
Important: freeradius
2017-08-03 19:11:00
archlinux
archlinux
[ASA-201707-23] freeradius: multiple issues
2017-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: freeradius-3.0.15-1.fc26
2017-07-27 16:54:18
[SECURITY] Fedora 25 Update: freeradius-3.0.15-1.fc25
2017-07-27 21:54:09
suse
suse
Security update for freeradius-server (important)
2017-08-17 12:15:26
Security update for freeradius-server (important)
2017-08-28 15:07:53
apple
apple
About the security content of macOS Server 5.4 - Apple Support
2017-10-31 05:52:44
About the security content of macOS Server 5.4
2017-09-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:37
Denial Of Service (DoS)
2019-05-02 06:30:37
Denial Of Service (DoS)
2019-05-02 06:30:37
ubuntucve
ubuntucve
CVE-2017-10987
2017-07-17 00:00:00
CVE-2017-10980
2017-07-17 00:00:00
CVE-2017-10984
2017-07-17 00:00:00
prion
prion
Memory corruption
2017-07-17 17:29:00
Design/Logic Flaw
2017-07-17 17:29:00
Denial of service
2017-07-17 17:29:00
debiancve
debiancve
CVE-2017-10980
2017-07-17 17:29:00
CVE-2017-10985
2017-07-17 17:29:00
CVE-2017-10986
2017-07-17 17:29:00
cve
cve
CVE-2017-10984
2017-07-17 17:29:00
CVE-2017-10985
2017-07-17 17:29:00
CVE-2017-10979
2017-07-17 17:29:00
checkpoint_advisories
checkpoint_advisories
FreeRADIUS data2vp_wimax Heap Buffer Overflow (CVE-2017-10984)
2017-07-30 00:00:00
FreeRADIUS fr_dhcp_attr2vp Integer Underflow Out of Bounds Read (CVE-2017-10986)
2018-04-26 00:00:00
redhatcve
redhatcve
CVE-2017-10983
2019-10-11 16:53:58
CVE-2017-10984
2017-07-17 14:50:32
CVE-2017-10979
2017-07-17 14:51:26

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for DEBIAN:DSA-3930-1:A64AC
nessus24openvas16ubuntu1debian2mageia1centos2oraclelinux2redhat2osv12amazon1archlinux1fedora2suse2apple2veracode6ubuntucve10prion10debiancve10cve10checkpoint_advisories2redhatcve10