SecurityTracker.com
SecurityTracker Archives

Category:   Application (Security)  >   FreeRADIUS
Vendors:   FreeRADIUS Server Project
(CentOS Issues Fix) FreeRADIUS Overflows and Memory Leaks Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1038955
SecurityTracker URL:  http://securitytracker.com/id/1038955
CVE Reference:   CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983
Date:  Jul 20 2017
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.0 through 3.0.14 (fixed upstream in 2.2.10 and 3.0.15; four of the six issues affect only the 2.x branch, as noted per issue below)
Description:   Multiple vulnerabilities were reported in FreeRADIUS. A remote user can cause denial of service conditions on the target system. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted RADIUS data to trigger a read/write overflow in make_secret() and cause the target service to crash [CVE-2017-10978]. Both the 2.x and 3.x branches (2.0.0 through 3.0.14) are affected.

A remote user can send specially crafted RADIUS data to trigger a write overflow in rad_coalesce() and execute arbitrary code on the target system [CVE-2017-10979]. The code will run with the privileges of the target service. Versions 2.0.0 through 2.2.9 are affected.

A remote user can send specially crafted DHCP data to trigger a memory leak in decode_tlv() and consume excessive memory on the target system [CVE-2017-10980]. Versions 2.0.0 through 2.2.9 are affected.

A remote user can send specially crafted DHCP data to trigger a memory leak in fr_dhcp_decode() and consume excessive memory on the target system [CVE-2017-10981]. Versions 2.0.0 through 2.2.9 are affected.

A remote user can send specially crafted DHCP data to trigger a read overflow in fr_dhcp_decode_options() and cause the target service to crash [CVE-2017-10982]. Versions 2.0.0 through 2.2.9 are affected.

A remote user can send specially crafted DHCP option 63 data to trigger a read overflow in fr_dhcp_decode_options() and cause the target service to crash [CVE-2017-10983]. Both the 2.x and 3.x branches (2.0.0 through 3.0.14) are affected.

The four DHCP issues are reachable only on a server that is built with DHCP support and configured with a DHCP listener, which the default configuration does not enable; a RADIUS-only deployment is exposed to the first two issues.
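The last four issues are all defects in walking DHCP option data, where each option is a (code, length, value) triple and option 63 (NetWare/IP Information, RFC 2242) nests a further list of sub-options inside its value. The C program below is an added illustration of the bounds check such a decoder needs, written for this page; it is not FreeRADIUS code and does not reproduce the specific defects above, whose details the advisory does not give. The two walkers, the option-63 handling and the sample packets are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHCP_OPT_PAD       0
#define DHCP_OPT_NWIP_INFO 63   /* RFC 2242: value is itself a sub-option list */
#define DHCP_OPT_END       255

/* Bounds-checked walk of a (code, len, value...) list occupying buf[0..n).
 * Returns the number of options seen at this level, or -1 if any length
 * byte claims more data than remains. Option 63 is decoded as a nested
 * list of sub-options bounded by its own length, not by the packet. */
int dhcp_walk_checked(const uint8_t *buf, size_t n, int depth)
{
    size_t off = 0;
    int count = 0;
    while (off < n) {
        uint8_t code = buf[off];
        if (code == DHCP_OPT_PAD) { off++; continue; }
        if (code == DHCP_OPT_END) break;
        if (n - off < 2) return -1;           /* no room for the length byte */
        size_t len = buf[off + 1];
        if (n - off - 2 < len) return -1;     /* the check that stops the over-read */
        if (code == DHCP_OPT_NWIP_INFO && depth == 0 &&
            dhcp_walk_checked(buf + off + 2, len, depth + 1) < 0)
            return -1;                        /* inner list bounded by len, not n */
        count++;
        off += 2 + len;
    }
    return count;
}

/* Models a decoder that trusts each length byte. It works on offsets only and
 * never dereferences out of bounds itself; it reports how many bytes past the
 * end of the list such a decoder's copy of the value would have read, or 0 if
 * the input happens to be well-formed. */
size_t dhcp_naive_overread(const uint8_t *buf, size_t n, int depth)
{
    size_t off = 0;
    while (off < n) {
        uint8_t code = buf[off];
        if (code == DHCP_OPT_PAD) { off++; continue; }
        if (code == DHCP_OPT_END) return 0;
        if (n - off < 2) return 2 - (n - off);          /* length byte missing */
        size_t next = off + 2 + buf[off + 1];
        if (next > n) return next - n;                  /* value runs past the list */
        if (code == DHCP_OPT_NWIP_INFO && depth == 0) { /* sub-list is in bounds here */
            size_t inner = dhcp_naive_overread(buf + off + 2, buf[off + 1], depth + 1);
            if (inner) return inner;
        }
        off = next;
    }
    return 0;
}

/* Constructed sample option lists (not captured traffic). */
static const uint8_t good_pkt[] = {
    53, 1, 5,                   /* message type = ACK */
    63, 6, 5, 1, 1, 7, 1, 2,    /* option 63 holding two 1-byte sub-options */
    255
};
static const uint8_t bad_pkt[] = {
    53, 1, 5,
    63, 4, 5, 200, 1, 1,        /* sub-option claims 200 bytes; only 2 remain */
    255
};
static const uint8_t trunc_pkt[] = { 63, 10, 1, 2 }; /* outer option overruns the buffer */

int main(void)
{
    printf("good : checked=%d naive_overread=%zu\n",
           dhcp_walk_checked(good_pkt, sizeof good_pkt, 0),
           dhcp_naive_overread(good_pkt, sizeof good_pkt, 0));
    printf("bad  : checked=%d naive_overread=%zu\n",
           dhcp_walk_checked(bad_pkt, sizeof bad_pkt, 0),
           dhcp_naive_overread(bad_pkt, sizeof bad_pkt, 0));
    printf("trunc: checked=%d naive_overread=%zu\n",
           dhcp_walk_checked(trunc_pkt, sizeof trunc_pkt, 0),
           dhcp_naive_overread(trunc_pkt, sizeof trunc_pkt, 0));
    return 0;
}
```

The point of the nested case is that the inner length must be checked against the enclosing option's length, not against the packet: `bad_pkt` passes every top-level check and only the sub-option overruns. The same error path is also where a decoder must release any values it has already allocated for earlier options, which is the failure mode behind the two memory-leak entries above.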

Guido Vranken reported these vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can execute arbitrary code on the target system.

Solution:   CentOS has issued a fix (CESA-2017:1759) for CentOS 6: freeradius-2.2.6-7.el6_9 and its sub-packages (krb5, ldap, mysql, perl, postgresql, python, unixODBC, utils) for i386 and x86_64, plus the source RPM. The per-file sha256 checksums are given in the source message below; verify downloaded packages against them before installing. Note that the fixed package keeps the upstream version string 2.2.6 because the fixes are backported, so check the release field (-7.el6_9), not the version, when confirming that the update is installed.

Cause:   Boundary error (read/write overflows), Resource error (memory leaks)
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  CentOS 6

Message History:   This archive entry is a follow-up to the message listed below.
Jul 18 2017 FreeRADIUS Overflows and Memory Leaks Let Remote Users Deny Service and Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1759 Important CentOS 6 freeradius Security Update


CentOS Errata and Security Advisory 2017:1759 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:1759

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
e4f767fdec3af6be76c0cfe372573f825216e8c026a2941c301999bcbdf4c02d  freeradius-2.2.6-7.el6_9.i686.rpm
e5fd6a6500baeaf79534fd186c267d140223e964cade30a4e157679a90c6ae6c  freeradius-krb5-2.2.6-7.el6_9.i686.rpm
173a932adf52ac084d5cc50ddf85b14e2851b801ec5c8ad511d8703ef2e23b28  freeradius-ldap-2.2.6-7.el6_9.i686.rpm
ea210f37b97c32920a137e29660b4fd5b560f82422b679f912153d05b49e4c15  freeradius-mysql-2.2.6-7.el6_9.i686.rpm
29d70839905b1932247e69eff8249ca65495f4db0abaf3730b1d64b52f8d941a  freeradius-perl-2.2.6-7.el6_9.i686.rpm
cf5d5d4f5211d5bc14feaede74df228f96e0aa42d19d6f1c433874cc61a567fc  freeradius-postgresql-2.2.6-7.el6_9.i686.rpm
d43205c9ac8682097a7121483ad0b7ec89e1fc3b2875e06208ff1cdb50d43092  freeradius-python-2.2.6-7.el6_9.i686.rpm
cc184109d8621943ffe41bd266db4f770b822e653e16176b90d68548f92d2790  freeradius-unixODBC-2.2.6-7.el6_9.i686.rpm
17a34de90e080d8deb30460b381e399ca0611b94c91deb3b40991ab36aa5c109  freeradius-utils-2.2.6-7.el6_9.i686.rpm

x86_64:
385402f4b42a65d3dba78b68e88d3c67c93c5d61498851a55b2e8488f3750a21  freeradius-2.2.6-7.el6_9.x86_64.rpm
b9bf00a83f18ca498ebcd0b5b26548910dccec049512bd45379c31179da3a4cb  freeradius-krb5-2.2.6-7.el6_9.x86_64.rpm
7023871cd55c7cae5a8c47a316bab2974d3a4d4286e2fa34c768e8f9c1aefb52  freeradius-ldap-2.2.6-7.el6_9.x86_64.rpm
06ff7baa0bc50bb7622d70259e27b4db8cd9e3f425069d854ba5a9ddc8e2188b  freeradius-mysql-2.2.6-7.el6_9.x86_64.rpm
81b6c13b1a100c7fe2262565e3b241911e51151707f90855b40419ff064e9a65  freeradius-perl-2.2.6-7.el6_9.x86_64.rpm
2b763f704133c5ff89c6af5d98ef10ca5f33fba065f38bd8ece017096b36abdf  freeradius-postgresql-2.2.6-7.el6_9.x86_64.rpm
8196f92502b5b84a9dabe9fde46a084875c83e900c323b1101128e5e35fd4200  freeradius-python-2.2.6-7.el6_9.x86_64.rpm
9279cd779524b358f90d352d4c64e0bfcf68350853f8852f8e315ef933e15645  freeradius-unixODBC-2.2.6-7.el6_9.x86_64.rpm
884854b694359c6c83d6047fa0dbfa886d6ac39006c05425b14a5bcf531439e8  freeradius-utils-2.2.6-7.el6_9.x86_64.rpm

Source:
e1dc75873c96ca51a2ce7955004db68601354bcfa1095afba5c84a8b7c54163d  freeradius-2.2.6-7.el6_9.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Copyright 2019, SecurityGlobal.net LLC