FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  372986
Date:      2014-11-21
Time:      11:06:59Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
37a5c10f-bf56-11da-b0e9-00123ffe8333freeradius -- EAP-MSCHAPv2 Authentication Bypass

Freeradius Security Contact reports:

Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.


Discovery 2006-03-21
Entry 2006-03-29
freeradius
ge 1.0.0 lt 1.1.1

CVE-2006-1354
http://www.freeradius.org/security.html#1.1.0
http://secunia.com/advisories/19300/
37a5c10f-bf56-11da-b0e9-00123ffe8333freeradius -- EAP-MSCHAPv2 Authentication Bypass

Freeradius Security Contact reports:

Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.


Discovery 2006-03-21
Entry 2006-03-29
freeradius
ge 1.0.0 lt 1.1.1

CVE-2006-1354
http://www.freeradius.org/security.html#1.1.0
http://secunia.com/advisories/19300/
1b3f854b-e4bd-11de-b276-000d8787e1befreeradius -- remote packet of death vulnerability

freeRADIUS Vulnerability Notifications reports:

2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.

This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.


Discovery 2009-09-09
Entry 2009-12-14
Modified 2009-12-14
freeradius
lt 1.1.8

CVE-2009-3111
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111
http://freeradius.org/security.html
http://www.milw0rm.com/exploits/9642
c110eda2-e995-11db-a944-0012f06707f0freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

The freeradius development team reports:

A malicous 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.


Discovery 2007-04-10
Entry 2007-04-13
Modified 2010-05-12
freeradius
freeradius-mysql
le 1.1.5

23466
CVE-2005-1455
CVE-2005-1454
CVE-2007-2028
CVE-2005-4745
http://www.freeradius.org/security.html
1b3f854b-e4bd-11de-b276-000d8787e1befreeradius -- remote packet of death vulnerability

freeRADIUS Vulnerability Notifications reports:

2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.

This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.


Discovery 2009-09-09
Entry 2009-12-14
Modified 2009-12-14
freeradius
lt 1.1.8

CVE-2009-3111
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111
http://freeradius.org/security.html
http://www.milw0rm.com/exploits/9642
c110eda2-e995-11db-a944-0012f06707f0freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

The freeradius development team reports:

A malicous 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.


Discovery 2007-04-10
Entry 2007-04-13
Modified 2010-05-12
freeradius
freeradius-mysql
le 1.1.5

23466
CVE-2005-1455
CVE-2005-1454
CVE-2007-2028
CVE-2005-4745
http://www.freeradius.org/security.html