Amazon Linux AMI update for freeradius



Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2017-10982
CVE-2017-10983
CVE-2017-10980
CVE-2017-10981
CVE-2017-10979
CVE-2017-10978
CWE-ID CWE-125
CWE-401
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU7556

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-10982

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode_options() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options  to vulnerable system and trigger denial of service attack.

Mitigation

Update the affected packages.

i686:
    freeradius-mysql-2.2.6-7.16.amzn1.i686
    freeradius-ldap-2.2.6-7.16.amzn1.i686
    freeradius-krb5-2.2.6-7.16.amzn1.i686
    freeradius-python-2.2.6-7.16.amzn1.i686
    freeradius-unixODBC-2.2.6-7.16.amzn1.i686
    freeradius-postgresql-2.2.6-7.16.amzn1.i686
    freeradius-debuginfo-2.2.6-7.16.amzn1.i686
    freeradius-utils-2.2.6-7.16.amzn1.i686
    freeradius-perl-2.2.6-7.16.amzn1.i686
    freeradius-2.2.6-7.16.amzn1.i686

src:
    freeradius-2.2.6-7.16.amzn1.src

x86_64:
    freeradius-python-2.2.6-7.16.amzn1.x86_64
    freeradius-utils-2.2.6-7.16.amzn1.x86_64
    freeradius-mysql-2.2.6-7.16.amzn1.x86_64
    freeradius-2.2.6-7.16.amzn1.x86_64
    freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
    freeradius-perl-2.2.6-7.16.amzn1.x86_64
    freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
    freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
    freeradius-ldap-2.2.6-7.16.amzn1.x86_64
    freeradius-krb5-2.2.6-7.16.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2017-865.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU7557

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-10983

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP option 63 with non-zero contents to vulnerable system and trigger denial of service attack.

Mitigation

Update the affected packages.

i686:
    freeradius-mysql-2.2.6-7.16.amzn1.i686
    freeradius-ldap-2.2.6-7.16.amzn1.i686
    freeradius-krb5-2.2.6-7.16.amzn1.i686
    freeradius-python-2.2.6-7.16.amzn1.i686
    freeradius-unixODBC-2.2.6-7.16.amzn1.i686
    freeradius-postgresql-2.2.6-7.16.amzn1.i686
    freeradius-debuginfo-2.2.6-7.16.amzn1.i686
    freeradius-utils-2.2.6-7.16.amzn1.i686
    freeradius-perl-2.2.6-7.16.amzn1.i686
    freeradius-2.2.6-7.16.amzn1.i686

src:
    freeradius-2.2.6-7.16.amzn1.src

x86_64:
    freeradius-python-2.2.6-7.16.amzn1.x86_64
    freeradius-utils-2.2.6-7.16.amzn1.x86_64
    freeradius-mysql-2.2.6-7.16.amzn1.x86_64
    freeradius-2.2.6-7.16.amzn1.x86_64
    freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
    freeradius-perl-2.2.6-7.16.amzn1.x86_64
    freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
    freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
    freeradius-ldap-2.2.6-7.16.amzn1.x86_64
    freeradius-krb5-2.2.6-7.16.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2017-865.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU7554

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-10980

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in decode_tlv() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with option 82 and multiple sub-options  to vulnerable system and trigger denial of service attack.

Mitigation

Update the affected packages.

i686:
    freeradius-mysql-2.2.6-7.16.amzn1.i686
    freeradius-ldap-2.2.6-7.16.amzn1.i686
    freeradius-krb5-2.2.6-7.16.amzn1.i686
    freeradius-python-2.2.6-7.16.amzn1.i686
    freeradius-unixODBC-2.2.6-7.16.amzn1.i686
    freeradius-postgresql-2.2.6-7.16.amzn1.i686
    freeradius-debuginfo-2.2.6-7.16.amzn1.i686
    freeradius-utils-2.2.6-7.16.amzn1.i686
    freeradius-perl-2.2.6-7.16.amzn1.i686
    freeradius-2.2.6-7.16.amzn1.i686

src:
    freeradius-2.2.6-7.16.amzn1.src

x86_64:
    freeradius-python-2.2.6-7.16.amzn1.x86_64
    freeradius-utils-2.2.6-7.16.amzn1.x86_64
    freeradius-mysql-2.2.6-7.16.amzn1.x86_64
    freeradius-2.2.6-7.16.amzn1.x86_64
    freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
    freeradius-perl-2.2.6-7.16.amzn1.x86_64
    freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
    freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
    freeradius-ldap-2.2.6-7.16.amzn1.x86_64
    freeradius-krb5-2.2.6-7.16.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2017-865.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU7555

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-10981

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP packets with malicious options  to vulnerable system and trigger denial of service attack.

Mitigation

Update the affected packages.

i686:
    freeradius-mysql-2.2.6-7.16.amzn1.i686
    freeradius-ldap-2.2.6-7.16.amzn1.i686
    freeradius-krb5-2.2.6-7.16.amzn1.i686
    freeradius-python-2.2.6-7.16.amzn1.i686
    freeradius-unixODBC-2.2.6-7.16.amzn1.i686
    freeradius-postgresql-2.2.6-7.16.amzn1.i686
    freeradius-debuginfo-2.2.6-7.16.amzn1.i686
    freeradius-utils-2.2.6-7.16.amzn1.i686
    freeradius-perl-2.2.6-7.16.amzn1.i686
    freeradius-2.2.6-7.16.amzn1.i686

src:
    freeradius-2.2.6-7.16.amzn1.src

x86_64:
    freeradius-python-2.2.6-7.16.amzn1.x86_64
    freeradius-utils-2.2.6-7.16.amzn1.x86_64
    freeradius-mysql-2.2.6-7.16.amzn1.x86_64
    freeradius-2.2.6-7.16.amzn1.x86_64
    freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
    freeradius-perl-2.2.6-7.16.amzn1.x86_64
    freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
    freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
    freeradius-ldap-2.2.6-7.16.amzn1.x86_64
    freeradius-krb5-2.2.6-7.16.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2017-865.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU7553

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-10979

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing RADIUS packets in rad_coalesce() function. A remote unauthenticated attacker can send a specially crafted packet with iverly long WiMAX attribute, trigger buffer overflow and crash the affected server or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

i686:
    freeradius-mysql-2.2.6-7.16.amzn1.i686
    freeradius-ldap-2.2.6-7.16.amzn1.i686
    freeradius-krb5-2.2.6-7.16.amzn1.i686
    freeradius-python-2.2.6-7.16.amzn1.i686
    freeradius-unixODBC-2.2.6-7.16.amzn1.i686
    freeradius-postgresql-2.2.6-7.16.amzn1.i686
    freeradius-debuginfo-2.2.6-7.16.amzn1.i686
    freeradius-utils-2.2.6-7.16.amzn1.i686
    freeradius-perl-2.2.6-7.16.amzn1.i686
    freeradius-2.2.6-7.16.amzn1.i686

src:
    freeradius-2.2.6-7.16.amzn1.src

x86_64:
    freeradius-python-2.2.6-7.16.amzn1.x86_64
    freeradius-utils-2.2.6-7.16.amzn1.x86_64
    freeradius-mysql-2.2.6-7.16.amzn1.x86_64
    freeradius-2.2.6-7.16.amzn1.x86_64
    freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
    freeradius-perl-2.2.6-7.16.amzn1.x86_64
    freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
    freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
    freeradius-ldap-2.2.6-7.16.amzn1.x86_64
    freeradius-krb5-2.2.6-7.16.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2017-865.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU7552

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-10978

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in make_secret() function when processing RADIUS packets. A remote unauthenticated attacker can send a specially crafted RADIUS packet and crash the affected server.

Successful exploitation of this vulnerability may result in denial of service attack.

Mitigation

Update the affected packages.

i686:
    freeradius-mysql-2.2.6-7.16.amzn1.i686
    freeradius-ldap-2.2.6-7.16.amzn1.i686
    freeradius-krb5-2.2.6-7.16.amzn1.i686
    freeradius-python-2.2.6-7.16.amzn1.i686
    freeradius-unixODBC-2.2.6-7.16.amzn1.i686
    freeradius-postgresql-2.2.6-7.16.amzn1.i686
    freeradius-debuginfo-2.2.6-7.16.amzn1.i686
    freeradius-utils-2.2.6-7.16.amzn1.i686
    freeradius-perl-2.2.6-7.16.amzn1.i686
    freeradius-2.2.6-7.16.amzn1.i686

src:
    freeradius-2.2.6-7.16.amzn1.src

x86_64:
    freeradius-python-2.2.6-7.16.amzn1.x86_64
    freeradius-utils-2.2.6-7.16.amzn1.x86_64
    freeradius-mysql-2.2.6-7.16.amzn1.x86_64
    freeradius-2.2.6-7.16.amzn1.x86_64
    freeradius-debuginfo-2.2.6-7.16.amzn1.x86_64
    freeradius-perl-2.2.6-7.16.amzn1.x86_64
    freeradius-postgresql-2.2.6-7.16.amzn1.x86_64
    freeradius-unixODBC-2.2.6-7.16.amzn1.x86_64
    freeradius-ldap-2.2.6-7.16.amzn1.x86_64
    freeradius-krb5-2.2.6-7.16.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2017-865.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###