Showing 1 - 5 of 5

CVE-2017-10978

Status Candidate

Overview

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.

Apple Security Advisory 2017-10-31-12: Posted Nov 1, 2017; Authored by Apple | Site apple.com; Apple Security Advisory 2017-10-31-12 - Additional information for the APPLE-SA-2017-09-25-9 macOS Server 5.4 advisory has been provided that relates to FreeRADIUS and Postfix.; tags | advisory; systems | apple; advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-13826; SHA-256 | ab7f1016be63a4d64acf9e8afda8cb266e256bd54b6c0f883eb1a5a8a72517ed; Download | Favorite | View

Apple Security Advisory 2017-09-25-9: Posted Sep 28, 2017; Authored by Apple | Site apple.com; Apple Security Advisory 2017-09-25-9 - macOS Server 5.4 is now available and addresses multiple vulnerabilities in FreeRADIUS.; tags | advisory, vulnerability; systems | apple; advisories | CVE-2017-10978, CVE-2017-10979; SHA-256 | 55e8bc0b8dac96f5d4ea0c8772595685f930c0aabdaf38ed83e4aefe2c18f431; Download | Favorite | View

Red Hat Security Advisory 2017-2389-01: Posted Aug 2, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-2389-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.; tags | advisory, remote, arbitrary; systems | linux, redhat; advisories | CVE-2017-10978, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987; SHA-256 | b13587cc0c566f3c27fa6579b08097257b0081860b09191feb3c980a18036c6e; Download | Favorite | View

Ubuntu Security Notice USN-3369-1: Posted Jul 27, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3369-1 - Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987; SHA-256 | 2d7269bf484f6ead1a2687767dc01354af1b32f08cd2d4f72d0baaf9e1c1f6c3; Download | Favorite | View

Red Hat Security Advisory 2017-1759-01: Posted Jul 17, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-1759-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.; tags | advisory, remote, arbitrary; systems | linux, redhat; advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983; SHA-256 | c15bef609eb1ab913d68d88b4c2dc9457c9749eb8feb7d799a533157a6978ec0; Download | Favorite | View

Page 1 of 1 Back 1 Next