From $URL: "FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs. " (http://freeradius.org) FreeRADIUS asked me to fuzz their DHCP and RADIUS packet parsers in version 3.0.x (stable branch) and version 2.2.x (EOL, but receives security updates). 11 distinct issues that can be triggered remotely were found. The following is excerpted from freeradius.org/security/fuzzer-2017.html which I advise you to consult for more detailed descriptions of the issues at hand. "There are about as many issues disclosed in this page as in the previous ten years combined." v2, v3: CVE-2017-10978. No remote code execution is possible. A denial of service is possible. v2: CVE-2017-10979. Remote code execution is possible. A denial of service is possible. v2: CVE-2017-10980. No remote code execution is possible. A denial of service is possible. v2: CVE-2017-10981. No remote code execution is possible. A denial of service is possible. v2: CVE-2017-10982. No remote code execution is possible. A denial of service is possible. v2, v3: CVE-2017-10983. No remote code execution is possible. A denial of service is possible. v3: CVE-2017-10984. Remote code execution is possible. A denial of service is possible. v3: CVE-2017-10985. No remote code execution is possible. A denial of service is possible. v3: CVE-2017-10986. No remote code execution is possible. A denial of service is possible. v3: CVE-2017-10987. No remote code execution is possible. A denial of service is possible. v3: CVE-2017-10988. No remote code execution is possible. No denial of service is possible. Exploitation does not cross a privilege boundary in a correct and realistic product deployment.
From URL: In June 2017, Guido Vranken found a number of issues with OpenVPN. One issue was a slow memory leak due to mis-use of the OpenSSL API. He contacted us to say that FreeRADIUS had the same issue as OpenVPN. We fixed that issue immediately in the the v2.x.x branch, and also fixed it in the v3.0.x branch, and the v4.0.x branch. The v3.1.x branch is unsupported, and has been deleted. Similarly, we do not discuss the v0 or v1 releases, as those are end of life and unsupported.
isn't this solved stabilizing 3.0.15? I think that version fixes this
B2 because there are some write issues.
(In reply to Agostino Sarubbo from comment #3) > B2 because there are some write issues. Did you actually read the CVEs?
amd64 stable
x86 stable Last arch. @ Maintainer(s): Please cleanup and drop =net-dialup/freeradius-3.0.14!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab4cddf3a9a969fac7236dff8e61f4c4b05eb36e commit ab4cddf3a9a969fac7236dff8e61f4c4b05eb36e Author: Michael Palimaka <kensington@gentoo.org> AuthorDate: 2017-11-15 12:06:41 +0000 Commit: Michael Palimaka <kensington@gentoo.org> CommitDate: 2017-11-15 12:06:50 +0000 net-dialup/freeradius: remove vulnerable 3.0.14 Bug: https://bugs.gentoo.org/625410 Package-Manager: Portage-2.3.8, Repoman-2.3.4 net-dialup/freeradius/Manifest | 1 - net-dialup/freeradius/freeradius-3.0.14.ebuild | 225 ------------------------- 2 files changed, 226 deletions(-)}
GLSA Vote: No Thank you all.
