Showing 1 - 2 of 2

CVE-2017-10985

Status Candidate

Overview

An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.

Red Hat Security Advisory 2017-2389-01: Posted Aug 2, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-2389-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.; tags | advisory, remote, arbitrary; systems | linux, redhat; advisories | CVE-2017-10978, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987; SHA-256 | b13587cc0c566f3c27fa6579b08097257b0081860b09191feb3c980a18036c6e; Download | Favorite | View

Ubuntu Security Notice USN-3369-1: Posted Jul 27, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3369-1 - Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987; SHA-256 | 2d7269bf484f6ead1a2687767dc01354af1b32f08cd2d4f72d0baaf9e1c1f6c3; Download | Favorite | View

Page 1 of 1 Back 1 Next