ID 379788F3-2900-11E5-A4A5-002590263BF5 Type freebsd Reporter FreeBSD Modified 2015-06-22T00:00:00
Description
oCERT reports:
The FreeRADIUS server relies on OpenSSL to perform certificate
validation, including Certificate Revocation List (CRL) checks. The
FreeRADIUS usage of OpenSSL, in CRL application, limits the checks
to leaf certificates, therefore not detecting revocation of
intermediate CA certificates.
An unexpired client certificate, issued by an intermediate CA with
a revoked certificate, is therefore accepted by FreeRADIUS.
Specifically sets the X509_V_FLAG_CRL_CHECK flag for leaf
certificate CRL checks, but does not use X509_V_FLAG_CRL_CHECK_ALL
for CRL checks on the complete trust chain.
The FreeRADIUS project advises that the recommended configuration
is to use self-signed CAs for all EAP-TLS methods.
{"id": "379788F3-2900-11E5-A4A5-002590263BF5", "bulletinFamily": "unix", "title": "freeradius -- insufficient CRL application vulnerability", "description": "\noCERT reports:\n\nThe FreeRADIUS server relies on OpenSSL to perform certificate\n\t validation, including Certificate Revocation List (CRL) checks. The\n\t FreeRADIUS usage of OpenSSL, in CRL application, limits the checks\n\t to leaf certificates, therefore not detecting revocation of\n\t intermediate CA certificates.\nAn unexpired client certificate, issued by an intermediate CA with\n\t a revoked certificate, is therefore accepted by FreeRADIUS.\nSpecifically sets the X509_V_FLAG_CRL_CHECK flag for leaf\n\t certificate CRL checks, but does not use X509_V_FLAG_CRL_CHECK_ALL\n\t for CRL checks on the complete trust chain.\nThe FreeRADIUS project advises that the recommended configuration\n\t is to use self-signed CAs for all EAP-TLS methods.\n\n", "published": "2015-06-22T00:00:00", "modified": "2015-06-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://vuxml.freebsd.org/freebsd/379788f3-2900-11e5-a4a5-002590263bf5.html", "reporter": "FreeBSD", "references": ["http://www.ocert.org/advisories/ocert-2015-008.html", "http://freeradius.org/security.html"], "cvelist": ["CVE-2015-4680"], "type": "freebsd", "lastseen": "2019-05-29T18:33:10", "edition": 6, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4680"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-977.NASL", "FREEBSD_PKG_379788F3290011E5A4A5002590263BF5.NASL", "SUSE_SU-2017-1777-1.NASL", "SUSE_SU-2017-0102-1.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32249", "SECURITYVULNS:VULN:14554"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310890977", "OPENVAS:1361412562310130087"]}, {"type": "suse", "idList": ["SUSE-SU-2017:0102-1"]}, {"type": "archlinux", "idList": ["ASA-201508-6"]}, {"type": "debian", "idList": ["DEBIAN:DLA-977-1:5B986"]}], "modified": "2019-05-29T18:33:10", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2019-05-29T18:33:10", "rev": 2}, "vulnersScore": 5.0}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "freeradius3", "packageVersion": "3.0.9"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "freeradius2", "packageVersion": "2.2.8"}], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-04-22T23:51:43", "description": "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-05T17:59:00", "title": "CVE-2015-4680", "type": "cve", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4680"], "modified": "2018-10-09T19:57:00", "cpe": ["cpe:/a:freeradius:freeradius:3.0.3", "cpe:/a:freeradius:freeradius:3.0.5", "cpe:/a:freeradius:freeradius:2.2.2", "cpe:/a:freeradius:freeradius:3.0.6", "cpe:/a:freeradius:freeradius:3.0.7", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/a:freeradius:freeradius:3.0.4", "cpe:/a:freeradius:freeradius:3.0.1", "cpe:/a:freeradius:freeradius:3.0.8", "cpe:/a:freeradius:freeradius:2.2.1", "cpe:/a:freeradius:freeradius:2.2.7", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/a:freeradius:freeradius:2.2.6", "cpe:/a:freeradius:freeradius:3.0.0", "cpe:/a:freeradius:freeradius:2.2.5", "cpe:/a:freeradius:freeradius:2.2.0", "cpe:/a:freeradius:freeradius:3.0.2", "cpe:/a:freeradius:freeradius:2.2.4", "cpe:/a:freeradius:freeradius:2.2.3"], "id": "CVE-2015-4680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4680", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4680"], "description": "Mageia Linux Local Security Checks mgasa-2015-0291", "modified": "2018-09-28T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310130087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130087", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0291", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0291.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130087\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:33 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0291\");\n script_tag(name:\"insight\", value:\"The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS (CVE-2015-4680). The freeradius package has been updated to version 2.2.8, which fixes this issue, as well as the failure to run on Mageia 5 due to an OpenSSL issue.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0291.html\");\n script_cve_id(\"CVE-2015-4680\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0291\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~2.2.8~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T20:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4680", "CVE-2014-2015", "CVE-2017-9148"], "description": "Several issues were discovered in FreeRADIUS, a high-performance and\nhighly configurable RADIUS server.\n\nCVE-2014-2015\n\nA stack-based buffer overflow was found in the normify function in\nthe rlm_pap module, which can be attacked by existing users to\ncause denial of service or other issues.\n\nCVE-2015-4680\n\nIt was discovered that freeradius failed to check revocation of\nintermediate CA certificates, thus accepting client certificates\nissued by revoked certificates from an intermediate CA.\n\nNote that to enable checking of intermediate CA certificates, it\nis necessary to enable the check_all_crl option of the EAP TLS\nsection in eap.conf. This is only necessary for servers using\ncertificates signed by an intermediate CA. Servers that use\nself-signed CA certificate are unaffected.\n\nCVE-2017-9148\n\nThe TLS session cache fails to reliably prevent resumption of an\nunauthenticated session, which allows remote attackers (such as\nmalicious 802.1X supplicants) to bypass authentication via PEAP or\nTTLS.", "modified": "2020-01-29T00:00:00", "published": "2018-01-29T00:00:00", "id": "OPENVAS:1361412562310890977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890977", "type": "openvas", "title": "Debian LTS: Security Advisory for freeradius (DLA-977-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890977\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2014-2015\", \"CVE-2015-4680\", \"CVE-2017-9148\");\n script_name(\"Debian LTS: Security Advisory for freeradius (DLA-977-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 00:00:00 +0100 (Mon, 29 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/06/msg00005.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"freeradius on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.1.12+dfsg-1.2+deb7u1.\n\nWe recommend that you upgrade your freeradius packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues were discovered in FreeRADIUS, a high-performance and\nhighly configurable RADIUS server.\n\nCVE-2014-2015\n\nA stack-based buffer overflow was found in the normify function in\nthe rlm_pap module, which can be attacked by existing users to\ncause denial of service or other issues.\n\nCVE-2015-4680\n\nIt was discovered that freeradius failed to check revocation of\nintermediate CA certificates, thus accepting client certificates\nissued by revoked certificates from an intermediate CA.\n\nNote that to enable checking of intermediate CA certificates, it\nis necessary to enable the check_all_crl option of the EAP TLS\nsection in eap.conf. This is only necessary for servers using\ncertificates signed by an intermediate CA. Servers that use\nself-signed CA certificate are unaffected.\n\nCVE-2017-9148\n\nThe TLS session cache fails to reliably prevent resumption of an\nunauthenticated session, which allows remote attackers (such as\nmalicious 802.1X supplicants) to bypass authentication via PEAP or\nTTLS.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-common\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-dbg\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-dialupadmin\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-iodbc\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-krb5\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-ldap\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-mysql\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-postgresql\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"freeradius-utils\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreeradius-dev\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libfreeradius2\", ver:\"2.1.12+dfsg-1.2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-01-10T22:05:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4680"], "edition": 1, "description": "This update of freeradius-server fixes several issues.\n\n Security issue fixed:\n - CVE-2015-4680: Fixed Insufficent CRL application for intermediate\n certificates (bsc#935573)\n\n Non security issues fixed:\n - Allows FreeRadius Server to start on SUSE Linux Enterprise Server 12 SP2\n systems by relaxing a too strict openssl version check. (bsc#1013311)\n - Fixed radclient error free() invalid pointer (bsc#911886)\n - Fixed failing rebuild of freeradius-server package (bsc#951404)\n\n", "modified": "2017-01-10T19:09:23", "published": "2017-01-10T19:09:23", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html", "id": "SUSE-SU-2017:0102-1", "type": "suse", "title": "Security update for freeradius-server (important)", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4680"], "description": "The FreeRADIUS server relies on OpenSSL to perform certificate\nvalidation, including Certificate Revocation List (CRL) checks. The\nFreeRADIUS usage of OpenSSL, in CRL application, limits the checks to\nleaf certificates, therefore not detecting revocation of intermediate CA\ncertificates.\nAn unexpired client certificate, issued by an intermediate CA with a\nrevoked certificate, is therefore accepted by FreeRADIUS.", "modified": "2015-08-14T00:00:00", "published": "2015-08-14T00:00:00", "id": "ASA-201508-6", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html", "type": "archlinux", "title": "freeradius: insufficient CRL validation", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-4680"], "description": "\r\n\r\n\r\n#2015-008 FreeRADIUS insufficent CRL application\r\n\r\nDescription:\r\n\r\nThe FreeRADIUS server is an open source project that provides a RADIUS\r\nimplementation.\r\n\r\nThe FreeRADIUS server relies on OpenSSL to perform certificate validation,\r\nincluding Certificate Revocation List (CRL) checks. The FreeRADIUS usage of\r\nOpenSSL, in CRL application, limits the checks to leaf certificates,\r\ntherefore not detecting revocation of intermediate CA certificates.\r\n\r\nAn unexpired client certificate, issued by an intermediate CA with a revoked\r\ncertificate, is therefore accepted by FreeRADIUS.\r\n\r\nSpecifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate CRL\r\nchecks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks on the\r\ncomplete trust chain.\r\n\r\nThe FreeRADIUS project advises that the recommended configuration is to use\r\nself-signed CAs for all EAP-TLS methods.\r\n\r\nAffected version:\r\n\r\n FreeRADIUS <= 2.2.7, <= 3.0.8\r\n\r\nFixed version:\r\n\r\n FreeRADIUS >= 2.2.8, >= 3.0.9\r\n\r\nCredit: vulnerability anonymously reported.\r\n\r\nCVE: CVE-2015-4680\r\n\r\nTimeline:\r\n\r\n2015-06-17: vulnerability report received\r\n2015-06-18: contacted FreeRADIUS security maintainer\r\n2015-06-18: patch provided by maintainer\r\n2015-06-19: assigned CVE\r\n2015-06-22: advisory release\r\n\r\nReferences:\r\nhttps://github.com/FreeRADIUS/freeradius-server/blob/b28326004379260ca2fe7b8884f813d90a741197/src/main/tls.c#L2111\r\nhttps://github.com/FreeRADIUS/freeradius-server/blob/b28326004379260ca2fe7b8884f813d90a741197/src/main/tls.c#L2595\r\nhttp://freeradius.org/security.html\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2015-008.html\r\n\r\n-- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <lcars@ocert.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"\r\n\r\n", "edition": 1, "modified": "2015-06-29T00:00:00", "published": "2015-06-29T00:00:00", "id": "SECURITYVULNS:DOC:32249", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32249", "title": "[oCERT-2015-008] FreeRADIUS insufficent CRL application", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-4680"], "description": "Insufficient certificate revocations checks.", "edition": 1, "modified": "2015-06-29T00:00:00", "published": "2015-06-29T00:00:00", "id": "SECURITYVULNS:VULN:14554", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14554", "title": "FreeRADIUS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T10:41:19", "description": "oCERT reports :\n\nThe FreeRADIUS server relies on OpenSSL to perform certificate\nvalidation, including Certificate Revocation List (CRL) checks. The\nFreeRADIUS usage of OpenSSL, in CRL application, limits the checks to\nleaf certificates, therefore not detecting revocation of intermediate\nCA certificates.\n\nAn unexpired client certificate, issued by an intermediate CA with a\nrevoked certificate, is therefore accepted by FreeRADIUS.\n\nSpecifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate\nCRL checks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks\non the complete trust chain.\n\nThe FreeRADIUS project advises that the recommended configuration is\nto use self-signed CAs for all EAP-TLS methods.", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2015-07-14T00:00:00", "title": "FreeBSD : freeradius -- insufficient CRL application vulnerability (379788f3-2900-11e5-a4a5-002590263bf5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4680"], "modified": "2015-07-14T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:freeradius3", "p-cpe:/a:freebsd:freebsd:freeradius2"], "id": "FREEBSD_PKG_379788F3290011E5A4A5002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/84697", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84697);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4680\");\n\n script_name(english:\"FreeBSD : freeradius -- insufficient CRL application vulnerability (379788f3-2900-11e5-a4a5-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"oCERT reports :\n\nThe FreeRADIUS server relies on OpenSSL to perform certificate\nvalidation, including Certificate Revocation List (CRL) checks. The\nFreeRADIUS usage of OpenSSL, in CRL application, limits the checks to\nleaf certificates, therefore not detecting revocation of intermediate\nCA certificates.\n\nAn unexpired client certificate, issued by an intermediate CA with a\nrevoked certificate, is therefore accepted by FreeRADIUS.\n\nSpecifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate\nCRL checks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks\non the complete trust chain.\n\nThe FreeRADIUS project advises that the recommended configuration is\nto use self-signed CAs for all EAP-TLS methods.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201059\"\n );\n # http://www.ocert.org/advisories/ocert-2015-008.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ocert.org/advisories/ocert-2015-008.html\"\n );\n # http://freeradius.org/security.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://freeradius.org/security/\"\n );\n # https://vuxml.freebsd.org/freebsd/379788f3-2900-11e5-a4a5-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ad9b3ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freeradius2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freeradius3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freeradius2<2.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"freeradius3<3.0.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:25:19", "description": "This update of freeradius-server fixes several issues. Security issue\nfixed :\n\n - CVE-2015-4680: Fixed Insufficent CRL application for\n intermediate certificates (bsc#935573) Non security\n issues fixed :\n\n - Allows FreeRadius Server to start on SUSE Linux\n Enterprise Server 12 SP2 systems by relaxing a too\n strict openssl version check. (bsc#1013311)\n\n - Fixed radclient error free() invalid pointer\n (bsc#911886)\n\n - Fixed failing rebuild of freeradius-server package\n (bsc#951404)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-01-11T00:00:00", "title": "SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:0102-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4680"], "modified": "2017-01-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:freeradius-server-debugsource", "p-cpe:/a:novell:suse_linux:freeradius-server-libs-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-sqlite", "p-cpe:/a:novell:suse_linux:freeradius-server-krb5-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-utils", "p-cpe:/a:novell:suse_linux:freeradius-server-doc", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:freeradius-server-postgresql", "p-cpe:/a:novell:suse_linux:freeradius-server-perl-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-python", "p-cpe:/a:novell:suse_linux:freeradius-server-python-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-perl", "p-cpe:/a:novell:suse_linux:freeradius-server-postgresql-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-ldap-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-ldap", "p-cpe:/a:novell:suse_linux:freeradius-server-sqlite-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-mysql-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-krb5", "p-cpe:/a:novell:suse_linux:freeradius-server", "p-cpe:/a:novell:suse_linux:freeradius-server-utils-debuginfo", "p-cpe:/a:novell:suse_linux:freeradius-server-mysql", "p-cpe:/a:novell:suse_linux:freeradius-server-libs"], "id": "SUSE_SU-2017-0102-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0102-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96404);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-4680\");\n script_bugtraq_id(75327);\n\n script_name(english:\"SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:0102-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freeradius-server fixes several issues. Security issue\nfixed :\n\n - CVE-2015-4680: Fixed Insufficent CRL application for\n intermediate certificates (bsc#935573) Non security\n issues fixed :\n\n - Allows FreeRadius Server to start on SUSE Linux\n Enterprise Server 12 SP2 systems by relaxing a too\n strict openssl version check. (bsc#1013311)\n\n - Fixed radclient error free() invalid pointer\n (bsc#911886)\n\n - Fixed failing rebuild of freeradius-server package\n (bsc#951404)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4680/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170102-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f883f1dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-44=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-44=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-44=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-44=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-44=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-krb5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-debugsource-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-doc-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-krb5-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-krb5-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-ldap-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-ldap-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-libs-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-libs-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-mysql-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-mysql-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-perl-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-perl-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-postgresql-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-postgresql-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-python-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-python-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-sqlite-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-sqlite-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-utils-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"freeradius-server-utils-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-debugsource-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-doc-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-krb5-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-krb5-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-ldap-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-ldap-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-libs-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-libs-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-mysql-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-mysql-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-perl-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-perl-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-postgresql-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-postgresql-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-python-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-python-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-sqlite-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-sqlite-debuginfo-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-utils-3.0.3-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"freeradius-server-utils-debuginfo-3.0.3-14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeradius-server\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:47:52", "description": "This update for freeradius-server fixes the following issues :\n\n - CVE-2017-9148: Disable OpenSSL's internal session cache\n to mitigate authentication bypass. (bnc#1041445)\n\n - CVE-2015-4680: Add a configuration option to allow\n checking of all intermediate certificates for\n revocations. (bnc#935573) The following non security\n issue was fixed :\n\n - Cannot create table radpostauth because of deprecated\n TIMESTAMP(14) syntax. (bsc#912873)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-05T00:00:00", "title": "SUSE SLES11 Security Update : freeradius-server (SUSE-SU-2017:1777-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4680", "CVE-2017-9148"], "modified": "2017-07-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:freeradius-server-utils", "p-cpe:/a:novell:suse_linux:freeradius-server-doc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:freeradius-server-dialupadmin", "p-cpe:/a:novell:suse_linux:freeradius-server", "p-cpe:/a:novell:suse_linux:freeradius-server-libs"], "id": "SUSE_SU-2017-1777-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101229", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1777-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101229);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-4680\", \"CVE-2017-9148\");\n script_bugtraq_id(75327);\n\n script_name(english:\"SUSE SLES11 Security Update : freeradius-server (SUSE-SU-2017:1777-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for freeradius-server fixes the following issues :\n\n - CVE-2017-9148: Disable OpenSSL's internal session cache\n to mitigate authentication bypass. (bnc#1041445)\n\n - CVE-2015-4680: Add a configuration option to allow\n checking of all intermediate certificates for\n revocations. (bnc#935573) The following non security\n issue was fixed :\n\n - Cannot create table radpostauth because of deprecated\n TIMESTAMP(14) syntax. (bsc#912873)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-4680/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9148/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171777-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6129b8b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-freeradius-server-13192=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-freeradius-server-13192=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-freeradius-server-13192=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-dialupadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freeradius-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"freeradius-server-2.1.1-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"freeradius-server-dialupadmin-2.1.1-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"freeradius-server-doc-2.1.1-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"freeradius-server-libs-2.1.1-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"freeradius-server-utils-2.1.1-7.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeradius-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:44:32", "description": "Several issues were discovered in FreeRADIUS, a high-performance and\nhighly configurable RADIUS server.\n\nCVE-2014-2015\n\nA stack-based buffer overflow was found in the normify function in the\nrlm_pap module, which can be attacked by existing users to cause\ndenial of service or other issues.\n\nCVE-2015-4680\n\nIt was discovered that freeradius failed to check revocation of\nintermediate CA certificates, thus accepting client certificates\nissued by revoked certificates from intermediate CAs.\n\nNote that to enable checking of intermediate CA\ncertificates, it is necessary to enable the check_all_crl\noption of the EAP TLS section in eap.conf. This is only\nnecessary for servers using certificates signed by\nintermediate CAs. Servers that use self-signed CAs are\nunaffected.\n\nCVE-2017-9148\n\nThe TLS session cache fails to reliably prevent resumption of an\nunauthenticated session, which allows remote attackers (such as\nmalicious 802.1X supplicants) to bypass authentication via PEAP or\nTTLS.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.1.12+dfsg-1.2+deb7u1.\n\nWe recommend that you upgrade your freeradius packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-06-06T00:00:00", "title": "Debian DLA-977-1 : freeradius security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4680", "CVE-2014-2015", "CVE-2017-9148"], "modified": "2017-06-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libfreeradius2", "p-cpe:/a:debian:debian_linux:freeradius-krb5", "p-cpe:/a:debian:debian_linux:freeradius-iodbc", "p-cpe:/a:debian:debian_linux:freeradius-ldap", "p-cpe:/a:debian:debian_linux:freeradius-mysql", "p-cpe:/a:debian:debian_linux:freeradius-dialupadmin", "p-cpe:/a:debian:debian_linux:freeradius-utils", "p-cpe:/a:debian:debian_linux:freeradius-dbg", "p-cpe:/a:debian:debian_linux:freeradius", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:freeradius-common", "p-cpe:/a:debian:debian_linux:libfreeradius-dev", "p-cpe:/a:debian:debian_linux:freeradius-postgresql"], "id": "DEBIAN_DLA-977.NASL", "href": "https://www.tenable.com/plugins/nessus/100623", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-977-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100623);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2015\", \"CVE-2015-4680\", \"CVE-2017-9148\");\n script_bugtraq_id(65581, 75327);\n\n script_name(english:\"Debian DLA-977-1 : freeradius security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues were discovered in FreeRADIUS, a high-performance and\nhighly configurable RADIUS server.\n\nCVE-2014-2015\n\nA stack-based buffer overflow was found in the normify function in the\nrlm_pap module, which can be attacked by existing users to cause\ndenial of service or other issues.\n\nCVE-2015-4680\n\nIt was discovered that freeradius failed to check revocation of\nintermediate CA certificates, thus accepting client certificates\nissued by revoked certificates from intermediate CAs.\n\nNote that to enable checking of intermediate CA\ncertificates, it is necessary to enable the check_all_crl\noption of the EAP TLS section in eap.conf. This is only\nnecessary for servers using certificates signed by\nintermediate CAs. Servers that use self-signed CAs are\nunaffected.\n\nCVE-2017-9148\n\nThe TLS session cache fails to reliably prevent resumption of an\nunauthenticated session, which allows remote attackers (such as\nmalicious 802.1X supplicants) to bypass authentication via PEAP or\nTTLS.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.1.12+dfsg-1.2+deb7u1.\n\nWe recommend that you upgrade your freeradius packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/06/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/freeradius\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-dialupadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-iodbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freeradius-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreeradius-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreeradius2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"freeradius\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-common\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-dbg\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-dialupadmin\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-iodbc\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-krb5\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-ldap\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-mysql\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-postgresql\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"freeradius-utils\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libfreeradius-dev\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libfreeradius2\", reference:\"2.1.12+dfsg-1.2+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "cvelist": ["CVE-2015-4680", "CVE-2014-2015", "CVE-2017-9148"], "description": "Package : freeradius\nVersion : 2.1.12+dfsg-1.2+deb7u1\nCVE ID : CVE-2014-2015 CVE-2015-4680 CVE-2017-9148\nDebian Bug : 742820 789623 863673\n\nSeveral issues were discovered in FreeRADIUS, a high-performance and\nhighly configurable RADIUS server.\n\nCVE-2014-2015\n\n A stack-based buffer overflow was found in the normify function in\n the rlm_pap module, which can be attacked by existing users to\n cause denial of service or other issues.\n\nCVE-2015-4680\n\n It was discovered that freeradius failed to check revocation of\n intermediate CA certificates, thus accepting client certificates\n issued by revoked certificates from intermediate CAs.\n\n Note that to enable checking of intermediate CA certificates, it\n is necessary to enable the check_all_crl option of the EAP TLS\n section in eap.conf. This is only necessary for servers using\n certificates signed by intermediate CAs. Servers that use\n self-signed CAs are unaffected.\n\nCVE-2017-9148\n\n The TLS session cache fails to reliably prevent resumption of an\n unauthenticated session, which allows remote attackers (such as\n malicious 802.1X supplicants) to bypass authentication via PEAP or\n TTLS.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.1.12+dfsg-1.2+deb7u1.\n\nWe recommend that you upgrade your freeradius packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-06-05T16:33:27", "published": "2017-06-05T16:33:27", "id": "DEBIAN:DLA-977-1:5B986", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201706/msg00005.html", "title": "[SECURITY] [DLA 977-1] freeradius security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
