SB2017071829 - Fedora 26 update for freeradius

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017071829

SB2017071829 - Fedora 26 update for freeradius

Published: July 18, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017071829
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 33% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2017-10978)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in make_secret() function when processing RADIUS packets. A remote unauthenticated attacker can send a specially crafted RADIUS packet and crash the affected server.

Successful exploitation of this vulnerability may result in denial of service attack.


2) Out-of-bounds read (CVE-ID: CVE-2017-10983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in fr_dhcp_decode() function when processing DHCP packets. A remote attacker on local network can send specially crafted DHCP option 63 with non-zero contents to vulnerable system and trigger denial of service attack.


3) Out-of-bounds write (CVE-ID: CVE-2017-10984)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in data2vp_wimax() function when processing WiMAX attributes with "continuation" flag. A remote attacker can send specially crafted packets to vulnerable RADIUS server, trigger out-of-bounds write and crash the affected application or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

4) Infinite loop (CVE-ID: CVE-2017-10985)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to infinite loop when processing specially crafted RADIUS packets. A remote attacker can send 4f 02, 89 02, 90 02, or b4 02 attribute data and perform a denial of service attack.

Successful exploitation of the vulnerability may allow an attacker to exhaust all available memory on the system and render the system unresponsive.

5) Out-of-bounds read (CVE-ID: CVE-2017-10986)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to infinite out-of-bounds read in dhcp_attr2vp() function when decoding string options in an array. A remote attacker can send a specially crafted DHCP packet to vulnerable radius server and crash the affected application.

6) Out-of-bounds read (CVE-ID: CVE-2017-10987)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to out-of-bounds read in fr_dhcp_decode_suboptions() function when processing sub-options in DHCP packets. A remote attacker can send a specially crafted DHCP packet to vulnerable radius server and crash the affected application.

Remediation

Install update from vendor's website.

References