Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.VIRTUOZZO_VZLSA-2017-1759.NASL
HistoryNov 27, 2018 - 12:00 a.m.

Virtuozzo 6 : freeradius / freeradius-krb5 / freeradius-ldap / etc (VZLSA-2017-1759)

2018-11-2700:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

An update for freeradius is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es) :

  • An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979)

  • An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)

  • Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets.
    (CVE-2017-10980, CVE-2017-10981)

  • Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)

Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.

Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(119219);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id(
    "CVE-2017-10978",
    "CVE-2017-10979",
    "CVE-2017-10980",
    "CVE-2017-10981",
    "CVE-2017-10982",
    "CVE-2017-10983"
  );

  script_name(english:"Virtuozzo 6 : freeradius / freeradius-krb5 / freeradius-ldap / etc (VZLSA-2017-1759)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Virtuozzo host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"An update for freeradius is now available for Red Hat Enterprise Linux
6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

Security Fix(es) :

* An out-of-bounds write flaw was found in the way FreeRADIUS server
handled certain attributes in request packets. A remote attacker could
use this flaw to crash the FreeRADIUS server or to execute arbitrary
code in the context of the FreeRADIUS server process by sending a
specially crafted request packet. (CVE-2017-10979)

* An out-of-bounds read and write flaw was found in the way FreeRADIUS
server handled RADIUS packets. A remote attacker could use this flaw
to crash the FreeRADIUS server by sending a specially crafted RADIUS
packet. (CVE-2017-10978)

* Multiple memory leak flaws were found in the way FreeRADIUS server
handled decoding of DHCP packets. A remote attacker could use these
flaws to cause the FreeRADIUS server to consume an increasing amount
of memory resources over time, possibly leading to a crash due to
memory exhaustion, by sending specially crafted DHCP packets.
(CVE-2017-10980, CVE-2017-10981)

* Multiple out-of-bounds read flaws were found in the way FreeRADIUS
server handled decoding of DHCP packets. A remote attacker could use
these flaws to crash the FreeRADIUS server by sending a specially
crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)

Red Hat would like to thank the FreeRADIUS project for reporting these
issues. Upstream acknowledges Guido Vranken as the original reporter
of these issues.

Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues.");
  # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1759.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4d6cef56");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:1759");
  script_set_attribute(attribute:"solution", value:
"Update the affected freeradius / freeradius-krb5 / freeradius-ldap / etc package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-unixODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:freeradius-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Virtuozzo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/Virtuozzo/release");
if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);

if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);

flag = 0;

pkgs = ["freeradius-2.2.6-7.vl6",
        "freeradius-krb5-2.2.6-7.vl6",
        "freeradius-ldap-2.2.6-7.vl6",
        "freeradius-mysql-2.2.6-7.vl6",
        "freeradius-perl-2.2.6-7.vl6",
        "freeradius-postgresql-2.2.6-7.vl6",
        "freeradius-python-2.2.6-7.vl6",
        "freeradius-unixODBC-2.2.6-7.vl6",
        "freeradius-utils-2.2.6-7.vl6"];

foreach (pkg in pkgs)
  if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius / freeradius-krb5 / freeradius-ldap / etc");
}
VendorProductVersionCPE
virtuozzovirtuozzofreeradiusp-cpe:/a:virtuozzo:virtuozzo:freeradius
virtuozzovirtuozzofreeradius-krb5p-cpe:/a:virtuozzo:virtuozzo:freeradius-krb5
virtuozzovirtuozzofreeradius-ldapp-cpe:/a:virtuozzo:virtuozzo:freeradius-ldap
virtuozzovirtuozzofreeradius-mysqlp-cpe:/a:virtuozzo:virtuozzo:freeradius-mysql
virtuozzovirtuozzofreeradius-perlp-cpe:/a:virtuozzo:virtuozzo:freeradius-perl
virtuozzovirtuozzofreeradius-postgresqlp-cpe:/a:virtuozzo:virtuozzo:freeradius-postgresql
virtuozzovirtuozzofreeradius-pythonp-cpe:/a:virtuozzo:virtuozzo:freeradius-python
virtuozzovirtuozzofreeradius-unixodbcp-cpe:/a:virtuozzo:virtuozzo:freeradius-unixodbc
virtuozzovirtuozzofreeradius-utilsp-cpe:/a:virtuozzo:virtuozzo:freeradius-utils
virtuozzovirtuozzo6cpe:/o:virtuozzo:virtuozzo:6

Related

nessus 23
oraclelinux 2
redhat 2
osv 8
amazon 1
openvas 16
centos 2
debian 3
ubuntu 1
mageia 1
apple 2
veracode 6
ubuntucve 6
debiancve 6
prion 6
redhatcve 6
cve 6
fedora 2
archlinux 1
suse 2
nessus
nessus
Amazon Linux AMI : freeradius (ALAS-2017-865)
2017-08-04 00:00:00
Scientific Linux Security Update : freeradius on SL6.x i386/x86_64 (20170718)
2017-07-19 00:00:00
RHEL 6 : freeradius (RHSA-2017:1759)
2017-07-18 00:00:00
oraclelinux
oraclelinux
freeradius security update
2017-07-18 00:00:00
freeradius security update
2017-08-09 00:00:00
redhat
redhat
(RHSA-2017:1759) Important: freeradius security update
2017-07-18 02:27:56
(RHSA-2017:2389) Important: freeradius security update
2017-08-01 14:36:42
osv
osv
freeradius - security update
2017-08-25 00:00:00
freeradius - security update
2017-08-10 00:00:00
CVE-2017-10980
2017-07-17 17:29:00
amazon
amazon
Important: freeradius
2017-08-03 19:11:00
openvas
openvas
Debian: Security Advisory (DLA-1064-1)
2018-02-06 00:00:00
RedHat Update for freeradius RHSA-2017:1759-01
2017-07-18 00:00:00
CentOS Update for freeradius CESA-2017:1759 centos6
2017-07-20 00:00:00
centos
centos
freeradius security update
2017-07-19 14:29:47
freeradius security update
2017-08-24 09:43:49
debian
debian
[SECURITY] [DLA 1064-1] freeradius security update
2017-08-25 17:46:50
[SECURITY] [DSA 3930-1] freeradius security update
2017-08-10 14:48:43
[SECURITY] [DSA 3930-1] freeradius security update
2017-08-10 14:49:02
ubuntu
ubuntu
FreeRADIUS vulnerabilities
2017-07-27 00:00:00
mageia
mageia
Updated freeradius packages fix security vulnerabilities
2017-07-30 18:58:51
apple
apple
About the security content of macOS Server 5.4 - Apple Support
2017-10-31 05:52:44
About the security content of macOS Server 5.4
2017-09-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:37
Denial Of Service (DoS)
2019-05-02 06:30:37
Denial Of Service (DoS)
2019-05-02 06:30:37
ubuntucve
ubuntucve
CVE-2017-10980
2017-07-17 00:00:00
CVE-2017-10983
2017-07-17 00:00:00
CVE-2017-10982
2017-07-17 00:00:00
debiancve
debiancve
CVE-2017-10980
2017-07-17 17:29:00
CVE-2017-10978
2017-07-17 17:29:00
CVE-2017-10983
2017-07-17 17:29:00
prion
prion
Memory corruption
2017-07-17 17:29:00
Buffer overflow
2017-07-17 17:29:00
Buffer overflow
2017-07-17 17:29:00
redhatcve
redhatcve
CVE-2017-10979
2017-07-17 14:51:26
CVE-2017-10980
2017-07-17 14:49:27
CVE-2017-10983
2019-10-11 16:53:58
cve
cve
CVE-2017-10979
2017-07-17 17:29:00
CVE-2017-10980
2017-07-17 17:29:00
CVE-2017-10983
2017-07-17 17:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: freeradius-3.0.15-1.fc26
2017-07-27 16:54:18
[SECURITY] Fedora 25 Update: freeradius-3.0.15-1.fc25
2017-07-27 21:54:09
archlinux
archlinux
[ASA-201707-23] freeradius: multiple issues
2017-07-18 00:00:00
suse
suse
Security update for freeradius-server (important)
2017-08-17 12:15:26
Security update for freeradius-server (important)
2017-08-28 15:07:53
JSON
Related for VIRTUOZZO_VZLSA-2017-1759.NASL
nessus23oraclelinux2redhat2osv8amazon1openvas16centos2debian3ubuntu1mageia1apple2veracode6ubuntucve6debiancve6prion6redhatcve6cve6fedora2archlinux1suse2