FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1b3f854b-e4bd-11de-b276-000d8787e1befreeradius -- remote packet of death vulnerability

freeRADIUS Vulnerability Notifications reports:

2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.

This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.


Discovery 2009-09-09
Entry 2009-12-14
Modified 2009-12-14
freeradius
< 1.1.8

CVE-2009-3111
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111
http://freeradius.org/security.html
http://www.milw0rm.com/exploits/9642
673dce46-46d0-11e7-a539-0050569f7e80FreeRADIUS -- TLS resumption authentication bypass

Stefan Winter reports:

The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.


Discovery 2017-02-03
Entry 2017-06-01
freeradius
freeradius2
freeradius3
< 3.0.14

CVE-2017-9148
http://freeradius.org/security.html
http://seclists.org/oss-sec/2017/q2/342
http://www.securityfocus.com/bid/98734
c110eda2-e995-11db-a944-0012f06707f0freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

The freeradius development team reports:

A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.


Discovery 2007-04-10
Entry 2007-04-13
Modified 2010-05-12
freeradius
freeradius-mysql
le 1.1.5

23466
CVE-2005-1455
CVE-2005-1454
CVE-2007-2028
CVE-2005-4745
http://www.freeradius.org/security.html
37a5c10f-bf56-11da-b0e9-00123ffe8333freeradius -- EAP-MSCHAPv2 Authentication Bypass

Freeradius Security Contact reports:

Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.


Discovery 2006-03-21
Entry 2006-03-29
freeradius
ge 1.0.0 lt 1.1.1

CVE-2006-1354
http://www.freeradius.org/security.html#1.1.0
http://secunia.com/advisories/19300/