VYPR

rpm package

suse/freeradius-server&distro=SUSE Linux Enterprise Server 12 SP2

pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2

Vulnerabilities (7)

  • CVE-2017-10987HigJul 17, 2017
    affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1

    An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

  • CVE-2017-10985HigJul 17, 2017
    affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1

    An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.

  • CVE-2017-10984CriJul 17, 2017
    affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1

    An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

  • CVE-2017-10983HigJul 17, 2017
    affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1

    An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.

  • CVE-2017-10978HigJul 17, 2017
    affected < 3.0.3-17.9.1fixed 3.0.3-17.9.1

    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

  • CVE-2017-9148CriMay 29, 2017
    affected < 3.0.3-17.4.1fixed 3.0.3-17.4.1

    The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass au

  • CVE-2015-4680HigApr 5, 2017
    affected < 3.0.3-14.1fixed 3.0.3-14.1

    FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.