EulerOS 2.0 SP1 : freeradius (EulerOS-SA-2017-1167)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the freeradius package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- An integer overflow leading to a heap-buffer overflow
was found in the libnl library. An attacker could use
this flaw to cause an application compiled with libnl
to crash or possibly execute arbitrary code in the
context of the user running such an application.
(CVE-2017-0553)

- An out-of-bounds read and write flaw was found in the
way FreeRADIUS server handled RADIUS packets. A remote
attacker could use this flaw to crash the FreeRADIUS
server by sending a specially crafted RADIUS packet.
(CVE-2017-10978)

- A denial of service flaw was found in the way
FreeRADIUS server handled certain attributes in request
packets. A remote attacker could use this flaw to cause
the FreeRADIUS server to enter an infinite loop,
consume increasing amounts of memory resources, and
ultimately crash by sending a specially crafted request
packet. (CVE-2017-10985)

- Multiple out-of-bounds read flaws were found in the way
FreeRADIUS server handled decoding of DHCP packets. A
remote attacker could use these flaws to crash the
FreeRADIUS server by sending a specially crafted DHCP
request. (CVE-2017-10986, CVE-2017-10987)

- An out-of-bounds read flaw was found in the way
FreeRADIUS server handled decoding of DHCP packets. A
remote attacker could use this flaw to crash the
FreeRADIUS server by sending a specially crafted DHCP
request. (CVE-2017-10983)

- Multiple out-of-bounds read flaws were found in the way
FreeRADIUS server handled decoding of DHCP packets. A
remote attacker could use these flaws to crash the
FreeRADIUS server by sending a specially crafted DHCP
request. (CVE-2017-10986, CVE-2017-10987)

- An out-of-bounds write flaw was found in the way
FreeRADIUS server handled certain attributes in request
packets. A remote attacker could use this flaw to crash
the FreeRADIUS server or to execute arbitrary code in
the context of the FreeRADIUS server process by sending
a specially crafted request packet. (CVE-2017-10984)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?637fb1d4

Solution :

Update the affected freeradius packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Huawei Local Security Checks

Nessus Plugin ID: 103005 ()

Bugtraq ID:

CVE ID: CVE-2017-10978
CVE-2017-10983
CVE-2017-10984
CVE-2017-10985
CVE-2017-10986
CVE-2017-10987

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now