From ff98517a504d647afb074a3fb3017b0d027eb68f Mon Sep 17 00:00:00 2001 From: feld Date: Mon, 14 Aug 2017 22:42:53 +0000 Subject: Document freeradius vulnerabilities --- security/vuxml/vuln.xml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2ac1972a45c5..0371c14d2bd2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + FreeRadius -- Multiple vulnerabilities + + + freeradius3 + 3.0.15 + + + + +

Guido Vranken reports:

+
Multiple vulnerabilities found via fuzzing: + FR-GV-201 (v2,v3) Read / write overflow in make_secret() + FR-GV-202 (v2) Write overflow in rad_coalesce() + FR-GV-203 (v2) DHCP - Memory leak in decode_tlv() + FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode() + FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options() + FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63 + FR-GV-207 (v2) Zero-length malloc in data2vp() + FR-GV-301 (v3) Write overflow in data2vp_wimax() + FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes + FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp() + FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions() + FR-GV-305 (v3) Decode 'signed' attributes correctly + FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data + FR-AD-002 (v3) String lifetime issues in rlm_python + FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare
+

+ + + + http://freeradius.org/security/fuzzer-2017.html + + + 2017-06-17 + 2017-08-14 + + + Mercurial -- multiple vulnerabilities -- cgit