SB2017082803 - OpenSUSE Linux update for freeradius-server 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017082803

SB2017082803 - OpenSUSE Linux update for freeradius-server

Published: August 28, 2017

Security Bulletin ID SB2017082803
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Medium 43% Low 43%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-10978)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in make_secret() function when processing RADIUS packets. A remote unauthenticated attacker can send a specially crafted RADIUS packet and crash the affected server.

Successful exploitation of this vulnerability may result in denial of service attack.


2) Out-of-bounds read (CVE-ID: CVE-2017-10983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP option 63 with non-zero contents to vulnerable system and trigger denial of service attack.


3) Out-of-bounds write (CVE-ID: CVE-2017-10984)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in data2vp_wimax() function when processing WiMAX attributes with "continuation" flag. A remote attacker can send specially crafted packets to vulnerable RADIUS server, trigger out-of-bounds write and crash the affected application or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

4) Infinite loop (CVE-ID: CVE-2017-10985)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to infinite loop when processing specially crafted RADIUS packets. A remote attacker can send 4f 02, 89 02, 90 02, or b4 02 attribute data and perform a denial of service attack.

Successful exploitation of the vulnerability may allow an attacker to exhaust all available memory on the system and render the system unresponsive.

5) Out-of-bounds read (CVE-ID: CVE-2017-10986)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to infinite out-of-bounds read in dhcp_attr2vp() function when decoding string options in an array. A remote attacker can send a specially crafted DHCP packet to vulnerable radius server and crash the affected application.

6) Out-of-bounds read (CVE-ID: CVE-2017-10987)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to out-of-bounds read in fr_dhcp_decode_suboptions() function when processing sub-options in DHCP packets. A remote attacker can send a specially crafted DHCP packet to vulnerable radius server and crash the affected application.

7) Improper input validation (CVE-ID: CVE-2017-10988)

The vulnerability allows a remote attacker to possibly perform a denial of service attack.

The vulnerability exists due to an incorrect statement length was passed into the sqlite3_prepare () function. A remote attacker can send specially crafted input and perform a denial of service attack.

Remediation

Install update from vendor's website.

References