FreeBSD : FreeRadius -- Multiple vulnerabilities (79bbec7e-8141-11e7-b5af-a4badb2f4699)

High Nessus Plugin ID 102491


The remote FreeBSD host is missing a security-related update.


Guido Vranken reports :

Multiple vulnerabilities found via fuzzing : FR-GV-201 (v2,v3) Read / write overflow in make_secret() FR-GV-202 (v2) Write overflow in rad_coalesce() FR-GV-203 (v2) DHCP - Memory leak in decode_tlv() FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode() FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options() FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63 FR-GV-207 (v2) Zero-length malloc in data2vp() FR-GV-301 (v3) Write overflow in data2vp_wimax() FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp() FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions() FR-GV-305 (v3) Decode 'signed' attributes correctly FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data FR-AD-002 (v3) String lifetime issues in rlm_python FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 102491

File Name: freebsd_pkg_79bbec7e814111e7b5afa4badb2f4699.nasl

Version: $Revision: 3.1 $

Type: local

Published: 2017/08/15

Modified: 2017/08/15

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freeradius3, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/08/14

Vulnerability Publication Date: 2017/06/17