| Summary: | freeradius new security issues CVE-2017-1097[89] and CVE-2017-1098[0-8] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Stefan Puch <s.puch> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, marja11, mhrambo3501, sysadmin-bugs |
| Version: | 6 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://freeradius.org/security/fuzzer-2017.html | ||
| Whiteboard: | advisory MGA5TOO MGA6-32-OK MGA5-32-OK | ||
| Source RPM: | freeradius-3.0.14-1.mga6.src.rpm freeradius-2.2.9-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
Description

Stefan Puch
2017-07-17 21:43:42 CEST

Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs

Should be fixed upstream in 2.2.10 and 3.0.15: http://freeradius.org/security/fuzzer-2017.html

Summary: 11 remote vulnerabilities (inc. 2x RCE) in FreeRADIUS: CVE-2017-10978 to CVE-2017-10988 => freeradius new security issues CVE-2017-1097[89] and CVE-2017-1098[0-8]

Update to version 3.0.15 submitted for cauldron.

Updated packages uploaded for Mageia 5 and 6.

Advisory:
========================

Updated freeradius package fixes security vulnerabilities:

Fuzz testing of freeradius found multiple vulnerabilities that resulted in either the potential for remote code execution or a possible denial of service (except for CVE-2017-10988 which was later determined to not actually result in any vulnerability).

References:
https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10988
========================

Updated packages in core/updates_testing:
========================
freeradius-2.2.10-1.mga5
freeradius-debuginfo-2.2.10-1.mga5
freeradius-krb5-2.2.10-1.mga5
freeradius-ldap-2.2.10-1.mga5
freeradius-mysql-2.2.10-1.mga5
freeradius-postgresql-2.2.10-1.mga5
freeradius-sqlite-2.2.10-1.mga5
freeradius-unixODBC-2.2.10-1.mga5
freeradius-web-2.2.10-1.mga5
freeradius-yubikey-2.2.10-1.mga5
lib64freeradius1-2.2.10-1.mga5
lib64freeradius-devel-2.2.10-1.mga5

from freeradius-2.2.10-1.mga5.src.rpm

freeradius-3.0.15-1.mga6
freeradius-debuginfo-3.0.15-1.mga6
freeradius-krb5-3.0.15-1.mga6
freeradius-ldap-3.0.15-1.mga6
freeradius-mysql-3.0.15-1.mga6
freeradius-postgresql-3.0.15-1.mga6
freeradius-sqlite-3.0.15-1.mga6
freeradius-unixODBC-3.0.15-1.mga6
freeradius-yubikey-3.0.15-1.mga6
lib64freeradius1-3.0.15-1.mga6
lib64freeradius-devel-3.0.15-1.mga6

from freeradius-3.0.15-1.mga6.src.rpm

Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=8726

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO

MGA6-32 on Asus A6000VM MATE
No installation issues
Followed test procedure as per bug 8726
At CLI
# systemctl start radiusd.service
# systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: enabled)
Active: active (running) since vr 2017-07-28 11:37:08 CEST; 14s ago
Process: 15796 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
Process: 15792 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
Main PID: 15801 (radiusd)
CGroup: /system.slice/radiusd.service
└─15801 /usr/sbin/radiusd -d /etc/raddb
# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
checked string appended to the file
# systemctl restart radiusd
# systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: enabled)
Active: active (running) since vr 2017-07-28 11:41:47 CEST; 4s ago
Process: 16597 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
Process: 16594 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
Main PID: 16600 (radiusd)
CGroup: /system.slice/radiusd.service
└─16600 /usr/sbin/radiusd -d /etc/raddb
jul 28 11:41:46 mach6.hviaene.thuis systemd[1]: Stopped FreeRADIUS high performance RADIUS server..
jul 28 11:41:46 mach6.hviaene.thuis systemd[1]: Starting FreeRADIUS high performance RADIUS server....
jul 28 11:41:47 mach6.hviaene.thuis systemd[1]: Started FreeRADIUS high performance RADIUS server..
# radtest testing password 127.0.0.1 0 testing123
Sent Access-Request Id 45 from 0.0.0.0:37690 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 192.168.2.6
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Accept Id 45 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
OK for this M6.

CC: (none) => herman.viaene

Updated my server on MGA5-32 to freeradius-2.2.10-1.mga5
- No installation problems
- Restart of service was fine
# systemctl restart radiusd.service
# systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled)
Active: active (running) since Fr 2017-07-28 23:17:50 CEST; 5s ago
Process: 934 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
Process: 932 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
Main PID: 938 (radiusd)
CGroup: /system.slice/radiusd.service
└─938 /usr/sbin/radiusd -d /etc/raddb
Jul 28 23:17:50 sfc systemd[1]: Starting FreeRADIUS high performance RADIUS server....
Jul 28 23:17:50 sfc systemd[1]: Started FreeRADIUS high performance RADIUS server..
#
Test procedure as per bug 8726 using radtest was also fine.
MGA5-32-OK

Whiteboard: MGA5TOO MGA6-32-OK => MGA5TOO MGA6-32-OK MGA5-32-OK

Advisory uploaded, validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0232.html

Resolution: (none) => FIXED
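As an added example, not part of this bug report or of Mageia's own tooling, the following Python check parses an installed freeradius package's name-version-release string, as printed by `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' freeradius`, and compares it against the fixed versions named in the report (2.2.10 for the 2.2 branch, 3.0.15 for the 3.0 branch). The branch table, the simplified numeric version ordering (not rpm's full rpmvercmp) and the helper names are assumptions of the example; the sample NVR strings are constructed from the package names on this page.

```python
"""Check whether an installed freeradius package is at or past the versions
the Mageia bug report names as fixed for CVE-2017-10978 .. CVE-2017-10988.
Example code; not from the bug report or from Mageia."""
import re
import subprocess
from typing import Optional, Tuple

# Fixed upstream versions stated in the report, keyed by release branch (assumed table).
FIXED_VERSIONS = {
    (2, 2): "2.2.10",
    (3, 0): "3.0.15",
}

# name-version-release: name may contain '-', version and release may not.
NVR_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)$")


def parse_nvr(nvr: str) -> Tuple[str, str, str]:
    """Split an RPM NVR string such as 'freeradius-3.0.15-1.mga6'."""
    m = NVR_RE.match(nvr.strip())
    if not m:
        raise ValueError(f"not an RPM name-version-release string: {nvr!r}")
    return m.group("name"), m.group("version"), m.group("release")


def version_key(version: str) -> Tuple[int, ...]:
    """Simplified ordering for dotted numeric versions.

    Only the numeric segments are compared, so pre-release suffixes such as
    'rc1' are not handled the way rpmvercmp handles them (assumed limitation).
    """
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_fixed(nvr: str) -> Optional[bool]:
    """True if the package version is at or past the fixed version for its
    branch, False if it is older, None if the branch is not in the table."""
    name, version, _release = parse_nvr(nvr)
    if name != "freeradius":
        raise ValueError(f"expected the freeradius package, got {name!r}")
    key = version_key(version)
    fixed = FIXED_VERSIONS.get(key[:2])
    if fixed is None:
        return None
    return key >= version_key(fixed)


def installed_nvr() -> Optional[str]:
    """Ask the local rpm database for the installed NVR; None if rpm is
    unavailable or the package is not installed."""
    try:
        proc = subprocess.run(
            ["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}\n", "freeradius"],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return None
    if proc.returncode != 0:
        return None
    return proc.stdout.strip().splitlines()[0]


if __name__ == "__main__":
    # Constructed sample NVRs taken from the package names on this page.
    for sample in ("freeradius-2.2.9-1.mga5", "freeradius-2.2.10-1.mga5",
                   "freeradius-3.0.14-1.mga6", "freeradius-3.0.15-1.mga6"):
        print(sample, "->", "fixed" if is_fixed(sample) else "vulnerable")
    local = installed_nvr()
    if local is not None:
        print("installed:", local, "->", is_fixed(local))
```

Run it on a Mageia host to compare the locally installed package; on any other machine it only reports the constructed samples, since `installed_nvr()` returns None when rpm is absent.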