VYPR

Freeradius

by FreeRADIUS

Source repositories

CVEs (50)

  • CVE-2022-41861Jan 17, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.

  • CVE-2022-41859Jan 17, 2023
    risk 0.00cvss epss 0.01

    In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

  • CVE-2022-41860Jan 17, 2023
    risk 0.00cvss epss 0.01

    In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the…

  • CVE-2019-17185Mar 21, 2020
    risk 0.00cvss epss 0.02

    In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused…

  • CVE-2015-9542Feb 24, 2020
    risk 0.00cvss epss 0.03

    add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and…

  • CVE-2019-13456Dec 3, 2019
    risk 0.00cvss epss 0.02

    In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This…

  • CVE-2019-18667Nov 2, 2019
    risk 0.00cvss epss 0.04

    /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.

  • CVE-2019-10143May 24, 2019
    risk 0.00cvss epss 0.00

    It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a…

  • CVE-2014-2015Nov 2, 2014
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary…

  • CVE-2011-4966Mar 12, 2013
    risk 0.00cvss epss 0.01

    modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

  • CVE-2012-3547Sep 18, 2012
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client…

  • CVE-2011-2701Aug 4, 2011
    risk 0.00cvss epss 0.02

    The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

  • CVE-2010-3697Oct 7, 2010
    risk 0.00cvss epss 0.02

    The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash)…

  • CVE-2010-3696Oct 7, 2010
    risk 0.00cvss epss 0.02

    The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more…

  • CVE-2009-3111Sep 9, 2009
    risk 0.00cvss epss 0.11

    The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression…

  • CVE-2008-4474Oct 7, 2008
    risk 0.00cvss epss 0.00

    freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.

  • CVE-2007-2028Apr 13, 2007
    risk 0.00cvss epss 0.02

    Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not…

  • CVE-2007-0080Jan 5, 2007
    risk 0.00cvss epss 0.00

    Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the…

  • CVE-2006-1354Mar 22, 2006
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

  • CVE-2005-4744Dec 31, 2005
    risk 0.00cvss epss 0.04

    Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to…