58 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : freeradius-2.2.6-4.AXS4 (AXSA:2015-304:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-304:01 advisory. The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2...

CVSS 7.5 | AI score 8.5 | EPSS 0.00881
Exploits: 1 | References: 2

VulnCheck KEV
added 2025/10/20 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2017-10986

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp" and a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.01003
In wild | Exploits: 0 | References: 2

RedHat Linux
added 2024/07/30 9:1 a.m. | 3 views

freeradius: forgery attack

A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...

CVSS 9 | AI score 7.2 | EPSS 0.22162
Exploits: 2 | References: 10

SUSE CVE
added 2023/02/15 6:21 a.m. | 1 view

SUSE CVE-2003-0967

rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

CVSS 5 | AI score 6.8 | EPSS 0.05986
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:20 a.m. | 1 view

SUSE CVE-2004-0938

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet...

CVSS 5 | AI score 6.8 | EPSS 0.05466
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 6:18 a.m. | 2 views

SUSE CVE-2005-1454

SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries...

CVSS 7.5 | AI score 8.6 | EPSS 0.00763
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:16 a.m. | 1 view

SUSE CVE-2005-4744

Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...

CVSS 6.4 | AI score 8 | EPSS 0.02525
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 6:16 a.m. | 1 view

SUSE CVE-2005-4745

SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors...

CVSS 7.5 | AI score 8.8 | EPSS 0.00619
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 6:16 a.m. | 2 views

SUSE CVE-2005-4746

Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t"...

CVSS 7.8 | AI score 7.1 | EPSS 0.01745
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 6:2 a.m. | 3 views

SUSE CVE-2009-3111

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to...

CVSS 5 | AI score 6.8 | EPSS 0.17898
Exploits: 3 | References: 6

SUSE CVE
added 2023/02/15 5:56 a.m. | 1 view

SUSE CVE-2010-3696

The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option...

CVSS 4.3 | AI score 6.8 | EPSS 0.00828
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:49 a.m. | 3 views

SUSE CVE-2011-4966

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password...

CVSS 6 | AI score 6.9 | EPSS 0.00624
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:45 a.m. | 2 views

SUSE CVE-2012-3547

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate...

CVSS 6.8 | AI score 8.2 | EPSS 0.15245
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:17 a.m. | 1 view

SUSE CVE-2015-4680

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...

CVSS 7.5 | AI score 7 | EPSS 0.0038
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 5:11 a.m. | 2 views

SUSE CVE-2015-8763

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read...

CVSS 8.1 | AI score 7.3 | EPSS 0.0055
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:45 a.m. | 1 view

SUSE CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PE...

CVSS 7.4 | AI score 9.9 | EPSS 0.00637
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:43 a.m. | 2 views

SUSE CVE-2017-10984

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code...

CVSS 8.1 | AI score 7.9 | EPSS 0.2146
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:43 a.m. | 3 views

SUSE CVE-2017-10983

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.02167
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 3:23 a.m. | 2 views

SUSE CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

CVSS 7.5 | AI score 7.1 | EPSS 0.0038
Exploits: 0 | References: 9

OSV
added 2023/01/17 6:15 p.m. | 1 view

ALPINE-CVE-2022-41861

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...

CVSS 6.5 | AI score 6.6 | EPSS 0.00393
Exploits: 0 | References: 1