17th July 2017 By Michael Mimoso
FreeRADIUS, the popular open source RADIUS server, today published updates that include fixes for a number of security issues uncovered by a custom fuzzer built by Dutch researcher Guido Vranken.
Vranken used a custom version of libFuzzer to find a handful of serious bugs in OpenVPN that were ultimately patched in late June. A memory leak related to misuse of the OpenSSL API in OpenVPN was also found in and disclosed to FreeRADIUS, prompting the project to commission Vranken to take a closer look at the server software.
What he found were 15 vulnerabilities, nine in RADIUS (five of which are unexploitable, FreeRADIUS said) and six others in DHCP. Two of the RADIUS vulnerabilities are remote code execution bugs.
Powered by WPeMatico