Download
| Alert*
oval:org.secpod.oval:def:106453
freeradius is installed oval:org.secpod.oval:def:116307 The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now h ... oval:org.secpod.oval:def:116299 The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now h ... oval:org.secpod.oval:def:500563 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS ... oval:org.secpod.oval:def:54586 freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input. oval:org.secpod.oval:def:1801403 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801404 freeradius is installed oval:org.secpod.oval:def:1801405 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801406 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801407 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:106452 The FreeRADIUS Server Project is a high performance and highly configurable GPL"d free RADIUS server. The server is similar in some respects to Livingston"s 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don"t share a lot in common any more. It now has many more ... oval:org.secpod.oval:def:106459 The FreeRADIUS Server Project is a high performance and highly configurable GPL"d free RADIUS server. The server is similar in some respects to Livingston"s 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don"t share a lot in common any more. It now has many more ... oval:org.secpod.oval:def:204656 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ... oval:org.secpod.oval:def:204534 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS ... oval:org.secpod.oval:def:1300284 Updated freeradius package fixes security vulnerability: SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlm_pap module if the password source uses an unusually long hashed password . oval:org.secpod.oval:def:703651 freeradius: high-performance and highly configurable RADIUS server FreeRADIUS would allow unintended access over the network. oval:org.secpod.oval:def:202095 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS ... oval:org.secpod.oval:def:21 FreeRADIUS is installed oval:org.secpod.oval:def:701911 freeradius is installed oval:org.secpod.oval:def:89044616 This update for freeradius fixes the following issues: Security issues fixed: - CVE-2017-10988: Decode "signed" attributes correctly. - CVE-2017-10987: Check for option overflowing the packet. - CVE-2017-10985: Fix infinite loop and memory exhaustion with "concat" attributes. - CVE-2017-10984: Fi ... oval:org.secpod.oval:def:202166 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS ... oval:org.secpod.oval:def:701586 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:112461 The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now has many more ... oval:org.secpod.oval:def:502055 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS ... oval:org.secpod.oval:def:1501917 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502500 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700173 FreeRADIUS mishandles the each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used protection mechanism, aka a Dragonblood issue, a similar issue to CVE-2019-9498 and CVE-2019-9499 .FreeRADIUS before 3.0.19 doe ... oval:org.secpod.oval:def:704913 freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input. oval:org.secpod.oval:def:502705 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: authentication bypass via an invalid curve attack * freeradius: eap-pw ... oval:org.secpod.oval:def:205203 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: authentication bypass via an invalid curve attack * freeradius: eap-pw ... oval:org.secpod.oval:def:1901868 [eap-pwd: authentication bypass via an invalid curve attack] oval:org.secpod.oval:def:1901866 [eap-pwd: fake authentication using reflection] oval:org.secpod.oval:def:507642 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: Information leakage in EAP-PWD * freeradius: Crash on unknown option in EAP-SIM ... oval:org.secpod.oval:def:507735 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: Information leakage in EAP-PWD * freeradius: Crash on unknown option in EAP-SIM ... oval:org.secpod.oval:def:1701201 The EAP-PWD function compute_password_element leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie ... oval:org.secpod.oval:def:88476 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:1506653 [3.0.21-37] - Fix defect found by covscan Resolves: #2151705 [3.0.21-36] - Fix multiple CVEs Resolves: #2151705 Resolves: #2151703 Resolves: #2151707 [3.0.21-35] - Rebuild to add subpackages to CRB report Resolves: #2126380 oval:org.secpod.oval:def:88500 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:204177 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashe ... oval:org.secpod.oval:def:1501104 Moderate: Oracle Linux 6 freeradius security, bug fix, and enhancement update. oval:org.secpod.oval:def:1200175 A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. oval:org.secpod.oval:def:501619 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashe ... oval:org.secpod.oval:def:204541 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ... oval:org.secpod.oval:def:701018 freeradius: a high-performance and highly configurable RADIUS server FreeRADIUS could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:202461 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client c ... oval:org.secpod.oval:def:1601353 A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods oval:org.secpod.oval:def:600885 Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the ... oval:org.secpod.oval:def:500901 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client c ... oval:org.secpod.oval:def:1503625 Updated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:112942 The FreeRADIUS Server Project is a high performance and highly configurable GPLd free RADIUS server. The server is similar in some respects to Livingstons 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they dont share a lot in common any more. It now has many more fe ... oval:org.secpod.oval:def:53113 Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA , did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All thos ... oval:org.secpod.oval:def:51857 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:1501974 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501931 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:112936 The FreeRADIUS Server Project is a high performance and highly configurable GPLd free RADIUS server. The server is similar in some respects to Livingstons 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they dont share a lot in common any more. It now has many more fe ... oval:org.secpod.oval:def:502068 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ... oval:org.secpod.oval:def:703730 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:1600745 Out-of-bounds read in fr_dhcp_decode_options:An out-of-bounds read flaw was found in the way FreeRADIUS server handles decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. Out-of-bounds read in fr_dhcp_decode when ... oval:org.secpod.oval:def:502074 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ... oval:org.secpod.oval:def:603047 Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA , did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code. All thos ... oval:org.secpod.oval:def:2500051 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. oval:org.secpod.oval:def:205663 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: privilege escalation due to insecure logrotate configuration * freeradius: eap- ... oval:org.secpod.oval:def:88499 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS. oval:org.secpod.oval:def:68007 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access For more details about t ... oval:org.secpod.oval:def:117549 The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now h ... oval:org.secpod.oval:def:117548 The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server. The server is similar in some respects to Livingston's 2.0 server. While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more. It now h ... oval:org.secpod.oval:def:1505301 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505304 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:504735 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access For more details about t ... oval:org.secpod.oval:def:66461 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: privilege escalation due to insecure logrotate configuration For more details a ... oval:org.secpod.oval:def:503379 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: privilege escalation due to insecure logrotate configuration For more details a ... |