Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 17 Jul 2017 15:09:53 +0200
From: Guido Vranken <guidovranken@...il.com>
To: oss-security@...ts.openwall.com
Subject: 11 remote vulnerabilities (inc. 2x RCE) in FreeRADIUS packet parsers

"FreeRADIUS is the most widely deployed RADIUS server in the world. It
is the basis for multiple commercial offerings. It supplies the AAA
needs of many Fortune-500 companies and Tier 1 ISPs. "
(http://freeradius.org)

FreeRADIUS asked me to fuzz their DHCP and RADIUS packet parsers in
version 3.0.x (stable branch) and version 2.2.x (EOL, but receives
security updates). 11 distinct issues that can be triggered remotely
were found.

The following is excerpted from
freeradius.org/security/fuzzer-2017.html which I advise you to consult
for more detailed descriptions of the issues at hand.

"There are about as many issues disclosed in this page as in the
previous ten years combined."

v2, v3: CVE-2017-10978. No remote code execution is possible. A denial
of service is possible.
v2: CVE-2017-10979. Remote code execution is possible. A denial of
service is possible.
v2: CVE-2017-10980. No remote code execution is possible. A denial of
service is possible.
v2: CVE-2017-10981. No remote code execution is possible. A denial of
service is possible.
v2: CVE-2017-10982. No remote code execution is possible. A denial of
service is possible.
v2, v3: CVE-2017-10983. No remote code execution is possible. A denial
of service is possible.
v3: CVE-2017-10984. Remote code execution is possible. A denial of
service is possible.
v3: CVE-2017-10985. No remote code execution is possible. A denial of
service is possible.
v3: CVE-2017-10986. No remote code execution is possible. A denial of
service is possible.
v3: CVE-2017-10987. No remote code execution is possible. A denial of
service is possible.
v3: CVE-2017-10988. No remote code execution is possible. No denial of
service is possible. Exploitation does not cross a privilege boundary
in a correct and realistic product deployment.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ