FreeRADIUS fr_dhcp_attr2vp Integer Underflow Out of Bounds Read
TSL ID: TSL20170718-08
CVE ID(s): CVE-2017-10986
Severity: Critical
Description

An integer underflow vulnerability leading to an out of bounds read has been reported in the DHCP module of FreeRADIUS. The vulnerability is due to insufficient handling of string array DHCP options.

A remote attacker can exploit this vulnerability by sending a crafted DHCP packet to the target server. Successful exploitation results in termination of the radiusd process.

The vendor, FreeRADIUS, has released the following advisory regarding this vulnerability:

http://freeradius.org/security/fuzzer-2017.html#FR-GV-303

Affected Products
  • FreeRADIUS Server Project FreeRADIUS 3.0.0 through 3.0.14
CVSS Score
Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.8 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
http://freeradius.org/security/fuzzer-2017.html#FR-GV-303