Status: Closed

Opened Apr 25, 2019 by Alicha CH (@alicha), Reporter

[3.7] freeradius: Multiple vulnerabilities (CVE-2019-11234, CVE-2019-11235)

CVE-2019-11234: eap-pwd: fake authentication using reflection

A vulnerability was found in FreeRADIUS. An attacker can reflect the received scalar and element from the server in its own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim. Fortunately, the adversary will not possess the negotiated session key, meaning the adversary cannot actually perform any actions as this user.

Affected Versions:

freeradius 3.0.0 through 3.0.18

Fixed In Version:

freeradius 3.0.19

References:

https://freeradius.org/security/
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19

Patches:

https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769

CVE-2019-11235: eap-pwd: authentication bypass via an invalid curve attack

A vulnerability was found in FreeRADIUS. An invalid curve attack allows an attacker to authenticate as any user (without knowing the password). The problem is that on the reception of an EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received elliptic curve point is valid.

Fixed In Version:

freeradius 3.0.19

References:

https://freeradius.org/security/
https://security-tracker.debian.org/tracker/CVE-2019-11235

Patches:

https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769

(from redmine: issue id 10327, created on 2019-04-25, closed on 2019-04-29)
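The two checks the advisory above describes as missing, written out as an added illustration that is not part of this issue, of the Alpine package, or of the FreeRADIUS code: a server-side validator for a peer's EAP-PWD Commit frame that (1) rejects an element that is not a point on the configured curve, which is the invalid curve attack of CVE-2019-11235, and (2) rejects a commit that merely echoes the server's own scalar and element, which is the reflection of CVE-2019-11234. NIST P-256 is assumed here as the EAP-PWD group (its constants are the standard published values); the scalar multiplication is only there to build a legitimate sample element for the demonstration, and the function names are this example's own.

```python
"""Server-side validation of an EAP-PWD Commit frame (added example, not
FreeRADIUS code). Curve: NIST P-256, assumed here as the EAP-PWD group."""

# Standard NIST P-256 domain parameters (prime-order curve, cofactor 1).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def is_on_curve(point):
    """True only for an affine point with in-range coordinates that
    satisfies y^2 = x^3 + a*x + b (mod p). The point at infinity (None)
    and any off-curve point are rejected; on a prime-order curve this is
    also sufficient to rule out small-subgroup points."""
    if point is None:
        return False
    x, y = point
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_commit(peer_scalar, peer_element, server_scalar, server_element):
    """Return (accepted, reason) for a received Commit (scalar, element).

    Invalid curve attack (CVE-2019-11235): an element off the curve lets the
    attacker drive the exchange onto a weak curve, so it must be rejected
    before any arithmetic uses it.
    Reflection (CVE-2019-11234): a peer that sends back the server's own
    scalar and element must not be allowed to continue to the Confirm step.
    """
    if not is_on_curve(peer_element):
        return False, "element is not a point on the configured curve"
    if not (1 < peer_scalar < N):
        return False, "scalar out of range"
    if peer_scalar == server_scalar and peer_element == server_element:
        return False, "commit reflects the server's own values"
    return True, "ok"


# --- helpers used only to construct a legitimate sample element ---------
def _point_add(p1, p2):
    """Affine point addition on P-256 (None is the point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


# Constructed sample values: a server commit and three peer commits.
SERVER_SCALAR = 0x1234567
SERVER_ELEMENT = scalar_mult(SERVER_SCALAR, G)
HONEST_PEER = (0x7654321, scalar_mult(0x7654321, G))
OFF_CURVE_PEER = (0x7654321, (1, 1))            # (1, 1) is not on P-256
REFLECTED_PEER = (SERVER_SCALAR, SERVER_ELEMENT)  # echo of the server's commit

if __name__ == "__main__":
    for name, (s, e) in (("honest", HONEST_PEER),
                         ("off-curve", OFF_CURVE_PEER),
                         ("reflected", REFLECTED_PEER)):
        print(name, validate_commit(s, e, SERVER_SCALAR, SERVER_ELEMENT))
```

Running the block prints the verdict for each constructed peer commit; only the honest one is accepted. The on-curve test is cheap (three multiplications modulo p) and must run before the received element is used in any point arithmetic, since the whole point of the invalid curve attack is to make that arithmetic happen on a curve of the attacker's choosing.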

  • Relations:
    • parent #10324 (closed)
  • Changesets:
    • Revision 354ae2b1 on 2019-04-25T14:30:14Z:

      main/freeradius: security fixes (CVE-2019-11234, CVE-2019-11235)

      Fixes #10327
Milestone: 3.7.4

Reference: alpine/aports#10327