79 matches found
Medium: freeradius
Issue Overview: When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Amazon Linux AMI : freeradius (ALAS-2023-1699)
The version of freeradius installed on the remote host is prior to 2.2.6-7.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1699 advisory. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...
Medium: freeradius
Issue Overview: The EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. CVE-2022-41859 When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...
Debian dla-3342 : freeradius - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3342 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3342-1 [email protected]...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2023-1312)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : freeradius (EulerOS-SA-2023-1312)
According to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...
SUSE SLES12: freeradius-server / freeradius-server-doc / freeradius-server-krb5 / etc (SUSE-SU-2023:0135-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0135-1 advisory. - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks bsc120620...
SUSE SLES12: freeradius-server / freeradius-server-doc / freeradius-server-krb5 / etc (SUSE-SU-2023:0124-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0124-1 advisory. - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attac...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
AZL-13062 CVE-2022-41860 affecting package freeradius for versions less than 3.2.3-1
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Null pointer dereference
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
CVE-2022-41860
CVE-2022-41860 affects FreeRADIUS: when an EAP-SIM supplicant sends an unknown SIM option, the server looks it up in internal dictionaries, fails, but the SIM code dereferences a NULL pointer, crashing the server. Connected advisories confirm fixes in multiple distributions; Debian LTS/DLA adviso...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
USN-5785-1: FreeRADIUS vulnerabilities
It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17185 Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unkno...
USN-5785-1 freeradius vulnerabilities
It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17185 Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unkno...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : FreeRADIUS vulnerabilities (USN-5785-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5785-1 advisory. It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use thi...
Mageia: Security Advisory (MGASA-2022-0482)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...