FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c110eda2-e995-11db-a944-0012f06707f0freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability

The freeradius development team reports:

A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.


Discovery 2007-04-10
Entry 2007-04-13
Modified 2010-05-12
freeradius
freeradius-mysql
le 1.1.5

23466
CVE-2005-1455
CVE-2005-1454
CVE-2007-2028
CVE-2005-4745
http://www.freeradius.org/security.html
673dce46-46d0-11e7-a539-0050569f7e80FreeRADIUS -- TLS resumption authentication bypass

Stefan Winter reports:

The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.


Discovery 2017-02-03
Entry 2017-06-01
freeradius
freeradius2
freeradius3
< 3.0.14

CVE-2017-9148
http://freeradius.org/security.html
http://seclists.org/oss-sec/2017/q2/342
http://www.securityfocus.com/bid/98734
20dfd134-1d39-11d9-9be9-000c6e8f12effreeradius -- denial-of-service vulnerability

A remote attacker may be able to crash the freeRADIUS Server due to three independant bugs in the function which does improper checking values while processing RADIUS attributes.


Discovery 2004-09-20
Entry 2004-10-13
Modified 2004-10-19
freeradius
ge 0.8.0 lt 1.0.1

CVE-2004-0938
CVE-2004-0960
CVE-2004-0961
http://www.securitytracker.com/alerts/2004/Sep/1011364.html
541574
11222
2fbe16c2-cab6-11d9-9aed-000e0c2e438afreeradius -- sql injection and denial of service vulnerability

A Gentoo Advisory reports:

The FreeRADIUS server is vulnerable to an SQL injection attack and a buffer overflow, possibly resulting in disclosure and modification of data and Denial of Service.


Discovery 2005-05-17
Entry 2005-05-22
Modified 2008-01-20
freeradius
le 1.0.2_1

freeradius-devel
le 1.0.2

13540
13541
http://www.gentoo.org/security/en/glsa/glsa-200505-13.xml
1b3f854b-e4bd-11de-b276-000d8787e1befreeradius -- remote packet of death vulnerability

freeRADIUS Vulnerability Notifications reports:

2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.

This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.


Discovery 2009-09-09
Entry 2009-12-14
Modified 2009-12-14
freeradius
< 1.1.8

CVE-2009-3111
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111
http://freeradius.org/security.html
http://www.milw0rm.com/exploits/9642