VYPR

rpm package

suse/freeradius-server&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (7)

  • CVE-2017-10983HigJul 17, 2017
    affected < 2.1.1-7.25.3.1fixed 2.1.1-7.25.3.1

    An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.

  • CVE-2017-10982HigJul 17, 2017
    affected < 2.1.1-7.25.3.1fixed 2.1.1-7.25.3.1

    An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.

  • CVE-2017-10981HigJul 17, 2017
    affected < 2.1.1-7.25.3.1fixed 2.1.1-7.25.3.1

    An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.

  • CVE-2017-10979CriJul 17, 2017
    affected < 2.1.1-7.25.3.1fixed 2.1.1-7.25.3.1

    An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.

  • CVE-2017-10978HigJul 17, 2017
    affected < 2.1.1-7.25.3.1fixed 2.1.1-7.25.3.1

    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

  • CVE-2017-9148CriMay 29, 2017
    affected < 2.1.1-7.24.1fixed 2.1.1-7.24.1

    The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass au

  • CVE-2015-4680HigApr 5, 2017
    affected < 2.1.1-7.24.1fixed 2.1.1-7.24.1

    FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.