SB2017071802 - Red Hat Enterprise Linux update for FreeRADIUS 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017071802

SB2017071802 - Red Hat Enterprise Linux update for FreeRADIUS

Published: July 18, 2017

Security Bulletin ID SB2017071802
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 17% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-10978)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in make_secret() function when processing RADIUS packets. A remote unauthenticated attacker can send a specially crafted RADIUS packet and crash the affected server.

Successful exploitation of this vulnerability may result in denial of service attack.


2) Buffer overflow (CVE-ID: CVE-2017-10979)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing RADIUS packets in rad_coalesce() function. A remote unauthenticated attacker can send a specially crafted packet with iverly long WiMAX attribute, trigger buffer overflow and crash the affected server or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Memory leak (CVE-ID: CVE-2017-10980)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in decode_tlv() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with option 82 and multiple sub-options  to vulnerable system and trigger denial of service attack.


4) Memory leak (CVE-ID: CVE-2017-10981)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options  to vulnerable system and trigger denial of service attack.


5) Out-of-bounds read (CVE-ID: CVE-2017-10982)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode_options() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options  to vulnerable system and trigger denial of service attack.


6) Out-of-bounds read (CVE-ID: CVE-2017-10983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP option 63 with non-zero contents to vulnerable system and trigger denial of service attack.


Remediation

Install update from vendor's website.

References