MiracleLinux 4 : freeradius-2.2.6-4.AXS4 (AXSA:2015-304:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-304:01 advisory. The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2...

SUSE CVE-2003-0967

raddecode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service crash via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute...

SUSE CVE-2005-1454

SQL injection vulnerability in the radiusxlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via 1 groupmembershipquery, 2 simulcountquery, or 3 simulverifyquery configuration entries...

SUSE CVE-2005-4744

Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service crash and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...

SUSE CVE-2005-4746

Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service crash via 1 the rlmsqlcounter module or 2 unknown vectors "while expanding %t"...

SUSE CVE-2005-4745

SQL injection vulnerability in the rlmsqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors...

SUSE CVE-2009-3111

The raddecode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service radiusd crash via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to...

SUSE CVE-2010-3696

The frdhcpdecode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service infinite loop and daemon outage via a packet that has more than one sub-option...

SUSE CVE-2011-4966

modules/rlmunix/rlmunix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password...

SUSE CVE-2012-3547

Stack-based buffer overflow in the cbtlsverify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service server crash and possibly execute arbitrary code via a long "not after" timestamp in a client certificate...

SUSE CVE-2015-8763

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted 1 commit or 2 confirm message, which triggers an out-of-bounds read...

SUSE CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...

SUSE CVE-2017-10983

An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service...

SUSE CVE-2017-10984

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vpwimax" - this allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code...

ALPINE-CVE-2022-41861

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash...

freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threads use the same BNCTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a...

DEBIAN-CVE-2019-17185

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threads use the same BNCTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a...

DEBIAN-CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63

An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request...

FreeRADIUS 'fr_dhcp_decode_suboptions()' function buffer out-of-bounds read vulnerability security vulnerability

FreeRADIUS is a set of software that implements the RADIUS protocol from the FreeRADIUS Server project. The software is mainly used for account authentication management, bookkeeping management and Internet account management, etc. and contains a Radius server, a client library for BSD protocol...