FreeRADIUS Overflows and Memory Leaks Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID: 1038914
SecurityTracker URL: http://securitytracker.com/id/1038914
CVE Reference:
CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983
Date: Jul 18 2017
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 2.0.0 through 3.0.14
Description:
Multiple vulnerabilities were reported in FreeRADIUS. A remote user can cause denial of service conditions on the target system. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted RADIUS data to trigger an overflow in make_secret() and cause the target service to crash [CVE-2017-10978].
A remote user can send specially crafted RADIUS data to trigger an overflow in rad_coalesce() and execute arbitrary code on the target system [CVE-2017-10979]. The code will run with the privileges of the target service. Versions 2.0.0 through 2.2.9 are affected.
A remote user can send specially crafted DHCP data to trigger a memory leak in decode_tlv() and consume excessive memory on the target system [CVE-2017-10980]. Versions 2.0.0 through 2.2.9 are affected.
A remote user can send specially crafted DHCP data to trigger a memory leak in fr_dhcp_decode() and consume excessive memory on the target system [CVE-2017-10981]. Versions 2.0.0 through 2.2.9 are affected.
A remote user can send specially crafted DHCP data to trigger a read overflow in fr_dhcp_decode_options() and cause the target service to crash [CVE-2017-10982]. Versions 2.0.0 through 2.2.9 are affected.
A remote user can send specially crafted DHCP option 63 data to trigger a read overflow in fr_dhcp_decode_options() and cause the target service to crash [CVE-2017-10983].
Guido Vranken reported these vulnerabilities.
Impact:
A remote user can cause denial of service conditions.
A remote user can execute arbitrary code on the target system.
Solution:
The vendor has issued a fix (2.2.10, 3.0.15).
The vendor advisory is available at:
http://freeradius.org/security/fuzzer-2017.html
Vendor URL: freeradius.org/security/fuzzer-2017.html
Cause:
Access control error, Boundary error
Underlying OS: Linux (Any), UNIX (Any)