Synology-SA-17:33 FreeRADIUS

Publish Time: 2017-07-20 00:00:00 UTC+8

Last Updated: 2017-09-08 16:16:39 UTC+8

Severity: Important

Status: Resolved

Abstract

Multiple security vulnerabilities found in FreeRADIUS might allow a remote attacker to cause a denial of service or execute arbitrary code on the vulnerable server.

Severity

  • CVE-2017-10978
    • Moderate
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10979
    • Important
    • CVSSv3 Base Score: 8.1
  • CVE-2017-10980
    • Important
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10981
    • Moderate
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10982
    • Moderate
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10983
    • Moderate
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10984
    • Important
    • CVSSv3 Base Score: 8.1
  • CVE-2017-10985
    • Moderate
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10986
    • Moderate
    • CVSSv3 Base Score: 5.9
  • CVE-2017-10987
    • Moderate
    • CVSSv3 Base Score: 5.9

Affected

  • Products
    • Radius Server 2.2.9-0250 and earlier
    • Radius Server 2.3.5-0113 and earlier
  • Models
    • All Synology models

Description

  • CVE-2017-10978
    An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
  • CVE-2017-10979
    An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
  • CVE-2017-10980
    An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
  • CVE-2017-10981
    An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
  • CVE-2017-10982
    An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
  • CVE-2017-10983
    An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
  • CVE-2017-10984
    An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
  • CVE-2017-10985
    An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
  • CVE-2017-10986
    An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
  • CVE-2017-10987
    An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.

Mitigation

None

Update Availability

To fix these security issues, please go to DSM > Package Center and update to Radius Server 2.2.10-0251 or above and Radius Server 2.3.10-0114 or above.
