FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
673dce46-46d0-11e7-a539-0050569f7e80FreeRADIUS -- TLS resumption authentication bypass

Stefan Winter reports:

The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.


Discovery 2017-02-03
Entry 2017-06-01
freeradius
freeradius2
freeradius3
< 3.0.14

CVE-2017-9148
http://freeradius.org/security.html
http://seclists.org/oss-sec/2017/q2/342
http://www.securityfocus.com/bid/98734
79bbec7e-8141-11e7-b5af-a4badb2f4699FreeRadius -- Multiple vulnerabilities

Guido Vranken reports:

Multiple vulnerabilities found via fuzzing: FR-GV-201 (v2,v3) Read / write overflow in make_secret() FR-GV-202 (v2) Write overflow in rad_coalesce() FR-GV-203 (v2) DHCP - Memory leak in decode_tlv() FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode() FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options() FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63 FR-GV-207 (v2) Zero-length malloc in data2vp() FR-GV-301 (v3) Write overflow in data2vp_wimax() FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp() FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions() FR-GV-305 (v3) Decode 'signed' attributes correctly FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data FR-AD-002 (v3) String lifetime issues in rlm_python FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare


Discovery 2017-06-17
Entry 2017-08-14
freeradius3
< 3.0.15

http://freeradius.org/security/fuzzer-2017.html