MiracleLinux 4 : freeradius-2.2.6-4.AXS4 (AXSA:2015-304:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-304:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289369);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2014-2015");

  script_name(english:"MiracleLinux 4 : freeradius-2.2.6-4.AXS4 (AXSA:2015-304:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the
AXSA:2015-304:01 advisory.

    The FreeRADIUS Server Project is a high performance and highly configurable
    GPL'd free RADIUS server. The server is similar in some respects to
    Livingston's 2.0 server.  While FreeRADIUS started as a variant of the
    Cistron RADIUS server, they don't share a lot in common any more. It now has
    many more features than Cistron or Livingston, and is much more configurable.
    FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
    protocol, as defined in RFC 2865 (and others). It allows Network Access
    Servers (NAS boxes) to perform authentication for dial-up users. There are
    also RADIUS clients available for Web servers, firewalls, Unix logins, and
    more.  Using RADIUS allows authentication and authorization for a network to
    be centralized, and minimizes the amount of re-configuration which has to be
    done when adding or deleting new users.
    Security issues fixed with this release:
    CVE-2014-2015
    Fixed bugs:
    * The number of dictionaries have been updated.
    * This update implements several Extensible Authentication Protocol (EAP)
    improvements.
    * A number of new expansions have been added, including: %{randstr:...},
    %{hex:...}, %{sha1:...}, %{base64:...}, %{tobase64:...}, and %{base64tohex:...}.
    * Hexadecimal numbers (0x...) are now supported in %{expr:...} expansions.
    * This update adds operator support to the rlm_python module.
    * The Dynamic Host Configuration Protocol (DHCP) and DHCP relay code have been
    finalized.
    * This update adds the rlm_cache module to cache arbitrary attributes.
    * The /var/log/radius/radutmp file was configured to rotate at one-month
    intervals, even though this was unnecessary. With this update,
    the described problem was fixed.
    * The radiusd service could not write the output file created by the raddebug
    utility. The raddebug utility now sets appropriate ownership to the output file,
    allowing radiusd to write the output.
    * After starting raddebug using the raddebug -t 0 command, raddebug exited
    immediately. A typo in the special case comparison has been fixed, and raddebug
    now runs for 11.5 days in this situation.
    * MS-CHAP authentication failed when the User-Name and MS-CHAP-User-Name
    attributes used different encodings, even when the user provided correct
    credentials. With this update, authentication with correct credentials no longer fails in this
    situation.
    * Automatically generated default certificates used the SHA-1 algorithm message
    digest, which is considered insecure. The default certificates now use the more
    secure SHA-256 algorithm message digest.
    * During the Online Certificate Status Protocol (OCSP) validation, radiusd
    terminated unexpectedly with a segmentation fault after attempting to access the
    next update field that was not provided by the OCSP responder. With this update,
    this problem is fixed.
    * Previously, radiusd failed to work with some of the more recent
    MikroTIK attributes, because the installed directory.mikrotik file did not
    include them. With this update, the bug was fixed.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/5649");
  script_set_attribute(attribute:"solution", value:
"Update the affected freeradius package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2015");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:freeradius");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'freeradius-2.2.6-4.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'freeradius-2.2.6-4.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freeradius');
}