Amazon Linux AMI update for freeradius
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-10982 CVE-2017-10983 CVE-2017-10980 CVE-2017-10981 CVE-2017-10979 CVE-2017-10978 |
| CWE-ID | CWE-125 CWE-401 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU7556
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10982
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in fr_dhcp_decode_options() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options to vulnerable system and trigger denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
freeradius-mysql-2.2.6-7.16.amzn1.i686
freeradius-ldap-2.2.6-7.16.amzn1.i686
freeradius-krb5-2.2.6-7.16.amzn1.i686
freeradius-python-2.2.6-7.16.amzn1.i686
freeradius-unixODBC-2.2.6-7.16.amzn1.i686
freeradius-postgresql-2.2.6-7.16.amzn1.i686
freeradius-debuginfo-2.2.6-7.16.amzn1.i686
freeradius-utils-2.2.6-7.16.amzn1.i686
freeradius-perl-2.2.6-7.16.amzn1.i686
freeradius-2.2.6-7.16.amzn1.i686
src:
freeradius-2.2.6-7.16.amzn1.src
x86_64:
freeradius-python-2.2.6-7.16.amzn1.x86_64
freeradius-utils-2.2.6-7.16.amzn1.x86_64
freeradius-mysql-2.2.6-7.16.amzn1.x86_64
freeradius-2.2.6-7.16.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
freeradius-perl-2.2.6-7.16.amzn1.x86_64
freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
freeradius-ldap-2.2.6-7.16.amzn1.x86_64
freeradius-krb5-2.2.6-7.16.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-865.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU7557
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10983
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP option 63 with non-zero contents to vulnerable system and trigger denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
freeradius-mysql-2.2.6-7.16.amzn1.i686
freeradius-ldap-2.2.6-7.16.amzn1.i686
freeradius-krb5-2.2.6-7.16.amzn1.i686
freeradius-python-2.2.6-7.16.amzn1.i686
freeradius-unixODBC-2.2.6-7.16.amzn1.i686
freeradius-postgresql-2.2.6-7.16.amzn1.i686
freeradius-debuginfo-2.2.6-7.16.amzn1.i686
freeradius-utils-2.2.6-7.16.amzn1.i686
freeradius-perl-2.2.6-7.16.amzn1.i686
freeradius-2.2.6-7.16.amzn1.i686
src:
freeradius-2.2.6-7.16.amzn1.src
x86_64:
freeradius-python-2.2.6-7.16.amzn1.x86_64
freeradius-utils-2.2.6-7.16.amzn1.x86_64
freeradius-mysql-2.2.6-7.16.amzn1.x86_64
freeradius-2.2.6-7.16.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
freeradius-perl-2.2.6-7.16.amzn1.x86_64
freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
freeradius-ldap-2.2.6-7.16.amzn1.x86_64
freeradius-krb5-2.2.6-7.16.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-865.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU7554
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10980
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in decode_tlv() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with option 82 and multiple sub-options to vulnerable system and trigger denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
freeradius-mysql-2.2.6-7.16.amzn1.i686
freeradius-ldap-2.2.6-7.16.amzn1.i686
freeradius-krb5-2.2.6-7.16.amzn1.i686
freeradius-python-2.2.6-7.16.amzn1.i686
freeradius-unixODBC-2.2.6-7.16.amzn1.i686
freeradius-postgresql-2.2.6-7.16.amzn1.i686
freeradius-debuginfo-2.2.6-7.16.amzn1.i686
freeradius-utils-2.2.6-7.16.amzn1.i686
freeradius-perl-2.2.6-7.16.amzn1.i686
freeradius-2.2.6-7.16.amzn1.i686
src:
freeradius-2.2.6-7.16.amzn1.src
x86_64:
freeradius-python-2.2.6-7.16.amzn1.x86_64
freeradius-utils-2.2.6-7.16.amzn1.x86_64
freeradius-mysql-2.2.6-7.16.amzn1.x86_64
freeradius-2.2.6-7.16.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
freeradius-perl-2.2.6-7.16.amzn1.x86_64
freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
freeradius-ldap-2.2.6-7.16.amzn1.x86_64
freeradius-krb5-2.2.6-7.16.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-865.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU7555
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-10981
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options to vulnerable system and trigger denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
freeradius-mysql-2.2.6-7.16.amzn1.i686
freeradius-ldap-2.2.6-7.16.amzn1.i686
freeradius-krb5-2.2.6-7.16.amzn1.i686
freeradius-python-2.2.6-7.16.amzn1.i686
freeradius-unixODBC-2.2.6-7.16.amzn1.i686
freeradius-postgresql-2.2.6-7.16.amzn1.i686
freeradius-debuginfo-2.2.6-7.16.amzn1.i686
freeradius-utils-2.2.6-7.16.amzn1.i686
freeradius-perl-2.2.6-7.16.amzn1.i686
freeradius-2.2.6-7.16.amzn1.i686
src:
freeradius-2.2.6-7.16.amzn1.src
x86_64:
freeradius-python-2.2.6-7.16.amzn1.x86_64
freeradius-utils-2.2.6-7.16.amzn1.x86_64
freeradius-mysql-2.2.6-7.16.amzn1.x86_64
freeradius-2.2.6-7.16.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
freeradius-perl-2.2.6-7.16.amzn1.x86_64
freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
freeradius-ldap-2.2.6-7.16.amzn1.x86_64
freeradius-krb5-2.2.6-7.16.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-865.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU7553
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-10979
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing RADIUS packets in rad_coalesce() function. A remote unauthenticated attacker can send a specially crafted packet with iverly long WiMAX attribute, trigger buffer overflow and crash the affected server or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
freeradius-mysql-2.2.6-7.16.amzn1.i686
freeradius-ldap-2.2.6-7.16.amzn1.i686
freeradius-krb5-2.2.6-7.16.amzn1.i686
freeradius-python-2.2.6-7.16.amzn1.i686
freeradius-unixODBC-2.2.6-7.16.amzn1.i686
freeradius-postgresql-2.2.6-7.16.amzn1.i686
freeradius-debuginfo-2.2.6-7.16.amzn1.i686
freeradius-utils-2.2.6-7.16.amzn1.i686
freeradius-perl-2.2.6-7.16.amzn1.i686
freeradius-2.2.6-7.16.amzn1.i686
src:
freeradius-2.2.6-7.16.amzn1.src
x86_64:
freeradius-python-2.2.6-7.16.amzn1.x86_64
freeradius-utils-2.2.6-7.16.amzn1.x86_64
freeradius-mysql-2.2.6-7.16.amzn1.x86_64
freeradius-2.2.6-7.16.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
freeradius-perl-2.2.6-7.16.amzn1.x86_64
freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
freeradius-ldap-2.2.6-7.16.amzn1.x86_64
freeradius-krb5-2.2.6-7.16.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-865.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU7552
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-10978
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in make_secret() function when processing RADIUS packets. A remote unauthenticated attacker can send a specially crafted RADIUS packet and crash the affected server.
Successful exploitation of this vulnerability may result in denial of service attack.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
freeradius-mysql-2.2.6-7.16.amzn1.i686
freeradius-ldap-2.2.6-7.16.amzn1.i686
freeradius-krb5-2.2.6-7.16.amzn1.i686
freeradius-python-2.2.6-7.16.amzn1.i686
freeradius-unixODBC-2.2.6-7.16.amzn1.i686
freeradius-postgresql-2.2.6-7.16.amzn1.i686
freeradius-debuginfo-2.2.6-7.16.amzn1.i686
freeradius-utils-2.2.6-7.16.amzn1.i686
freeradius-perl-2.2.6-7.16.amzn1.i686
freeradius-2.2.6-7.16.amzn1.i686
src:
freeradius-2.2.6-7.16.amzn1.src
x86_64:
freeradius-python-2.2.6-7.16.amzn1.x86_64
freeradius-utils-2.2.6-7.16.amzn1.x86_64
freeradius-mysql-2.2.6-7.16.amzn1.x86_64
freeradius-2.2.6-7.16.amzn1.x86_64
freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
freeradius-perl-2.2.6-7.16.amzn1.x86_64
freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
freeradius-ldap-2.2.6-7.16.amzn1.x86_64
freeradius-krb5-2.2.6-7.16.amzn1.x86_64
Amazon Linux AMI: All versions
CPE2.3 External linkshttps://alas.aws.amazon.com/ALAS-2017-865.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
