FreeRADIUS vulnerabilities

2014-02-2600:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

Releases

Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04

Packages

freeradius - a high-performance and highly configurable RADIUS server

Details

It was discovered that FreeRADIUS incorrectly handled unix authentication.
A remote user could successfully authenticate with an expired password.
(CVE-2011-4966)

Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap
hash processing. An authenticated user could use this issue to cause
FreeRADIUS to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases should
reduce the vulnerability to a denial of service. (CVE-2014-2015)

OSVersionArchitecturePackageVersionFilename
Ubuntu13.10noarchfreeradius< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-dbg< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-iodbc< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-krb5< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-ldap< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-mysql< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-postgresql< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchfreeradius-utils< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchlibfreeradius-dev< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN
Ubuntu13.10noarchlibfreeradius2< 2.1.12+dfsg-1.2ubuntu5.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	13.10	noarch	freeradius	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-dbg	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-iodbc	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-krb5	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-ldap	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-mysql	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-postgresql	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	freeradius-utils	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	libfreeradius-dev	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN
Ubuntu	13.10	noarch	libfreeradius2	< 2.1.12+dfsg-1.2ubuntu5.1	UNKNOWN