CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.2%
Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets. This would allow a remote attacker to cause a denial-of-service by application crash, or potentially execute arbitrary code.
All those issues are covered by this single DSA, but it’s worth noting that not all issues affect all releases :
CVE-2017-10978 and CVE-2017-10983 affect both jessie and stretch;
CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and CVE-2017-10982 affect only jessie;
CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and CVE-2017-10987 affect only stretch.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3930. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(102371);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2017-10978", "CVE-2017-10979", "CVE-2017-10980", "CVE-2017-10981", "CVE-2017-10982", "CVE-2017-10983", "CVE-2017-10984", "CVE-2017-10985", "CVE-2017-10986", "CVE-2017-10987");
script_xref(name:"DSA", value:"3930");
script_name(english:"Debian DSA-3930-1 : freeradius - security update");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Guido Vranken discovered that FreeRADIUS, an open source
implementation of RADIUS, the IETF protocol for AAA (Authorisation,
Authentication, and Accounting), did not properly handle memory when
processing packets. This would allow a remote attacker to cause a
denial-of-service by application crash, or potentially execute
arbitrary code.
All those issues are covered by this single DSA, but it's worth noting
that not all issues affect all releases :
- CVE-2017-10978 and CVE-2017-10983 affect both jessie and
stretch;
- CVE-2017-10979, CVE-2017-10980, CVE-2017-10981 and
CVE-2017-10982 affect only jessie;
- CVE-2017-10984, CVE-2017-10985, CVE-2017-10986 and
CVE-2017-10987 affect only stretch."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868765"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10978"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10983"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10979"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10980"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10981"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10982"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10984"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10985"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10986"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2017-10987"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/jessie/freeradius"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/stretch/freeradius"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2017/dsa-3930"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the freeradius packages.
For the oldstable distribution (jessie), these problems have been
fixed in version 2.2.5+dfsg-0.2+deb8u1.
For the stable distribution (stretch), these problems have been fixed
in version 3.0.12+dfsg-5+deb9u1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:freeradius");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"freeradius", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-common", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-dbg", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-iodbc", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-krb5", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-ldap", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-mysql", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-postgresql", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"freeradius-utils", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libfreeradius-dev", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libfreeradius2", reference:"2.2.5+dfsg-0.2+deb8u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-common", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-config", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-dhcp", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-iodbc", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-krb5", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-ldap", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-memcached", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-mysql", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-postgresql", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-redis", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-rest", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-utils", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"freeradius-yubikey", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libfreeradius-dev", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libfreeradius3", reference:"3.0.12+dfsg-5+deb9u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10987
bugs.debian.org/cgi-bin/bugreport.cgi?bug=868765
packages.debian.org/source/jessie/freeradius
packages.debian.org/source/stretch/freeradius
security-tracker.debian.org/tracker/CVE-2017-10978
security-tracker.debian.org/tracker/CVE-2017-10979
security-tracker.debian.org/tracker/CVE-2017-10980
security-tracker.debian.org/tracker/CVE-2017-10981
security-tracker.debian.org/tracker/CVE-2017-10982
security-tracker.debian.org/tracker/CVE-2017-10983
security-tracker.debian.org/tracker/CVE-2017-10984
security-tracker.debian.org/tracker/CVE-2017-10985
security-tracker.debian.org/tracker/CVE-2017-10986
security-tracker.debian.org/tracker/CVE-2017-10987
www.debian.org/security/2017/dsa-3930
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
98.2%