| Summary: | freeradius new security issue CVE-2019-10143, CVE-2019-13456, and CVE-2019-17185 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, herman.viaene, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | freeradius-3.0.19-3.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser 2019-12-19 23:30:19 CET

David Walser 2019-12-19 23:30:30 CET
Whiteboard: (none) => MGA7TOO

No registered maintainer, assigning globally. CC DavidG as a recent committer.
Assignee: bugsquad => pkg-bugs

Done for both Cauldron and mga7!

Advisory:
========================

Updated freeradius packages fix security vulnerabilities:

It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user (CVE-2019-10143).

Denial of service issues due to multithreaded BN_CTX access (CVE-2019-17185).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17185
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
========================

Updated packages in core/updates_testing:
========================
freeradius-3.0.20-1.mga7
freeradius-krb5-3.0.20-1.mga7
freeradius-ldap-3.0.20-1.mga7
freeradius-postgresql-3.0.20-1.mga7
freeradius-mysql-3.0.20-1.mga7
freeradius-unixODBC-3.0.20-1.mga7
freeradius-sqlite-3.0.20-1.mga7
freeradius-yubikey-3.0.20-1.mga7
libfreeradius1-3.0.20-1.mga7
libfreeradius-devel-3.0.20-1.mga7

from freeradius-3.0.20-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs

Fedora has issued an advisory on December 1:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/USTITI4A3TVUX3SGO7TJCJ4WWFBZFWLZ/

This has another CVE fixed in 3.0.20.
Summary: freeradius new security issue CVE-2019-10143 and CVE-2019-17185 => freeradius new security issue CVE-2019-10143, CVE-2019-13456, and CVE-2019-17185

Advisory:
========================

Updated freeradius packages fix security vulnerabilities:

It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user (CVE-2019-10143).

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks (CVE-2019-13456).

Denial of service issues due to multithreaded BN_CTX access (CVE-2019-17185).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17185
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/USTITI4A3TVUX3SGO7TJCJ4WWFBZFWLZ/
========================

MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 24762 Comment 5 for testing

```
# systemctl start radiusd
# systemctl -l status radiusd
● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-01-02 16:14:48 CET; 14s ago
  Process: 2739 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
  Process: 2742 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
 Main PID: 2744 (radiusd)
   Memory: 78.1M
   CGroup: /system.slice/radiusd.service
           └─2744 /usr/sbin/radiusd -d /etc/raddb

jan 02 16:14:47 mach5.hviaene.thuis systemd[1]: Starting FreeRADIUS high performance RADIUS server....
jan 02 16:14:48 mach5.hviaene.thuis systemd[1]: Started FreeRADIUS high performance RADIUS server..

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd
# radtest testing password 127.0.0.1 0 testing123
Sent Access-Request Id 69 from 0.0.0.0:49350 to 127.0.0.1:1812 length 77
	User-Name = "testing"
	User-Password = "password"
	NAS-IP-Address = 192.168.2.5
	NAS-Port = 0
	Message-Authenticator = 0x00
	Cleartext-Password = "password"
Received Access-Accept Id 69 from 127.0.0.1:1812 to 127.0.0.1:49350 length 20
```

All seems OK.
CC: (none) => herman.viaene

Validating. Advisory in Comment 5.
Keywords: (none) => validated_update

Thomas Backlund 2020-01-05 12:44:46 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0007.html
Resolution: (none) => FIXED
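The logrotate weakness behind CVE-2019-10143 in the advisory above is a configuration pattern rather than a code bug: logrotate runs as root, and if the stanza for a log directory owned by the service user carries no `su` directive, every rename and write it performs in that directory is a root operation in a location the service user controls. The script below is an added example, not part of this bug or of the FreeRADIUS project; it audits a logrotate file for stanzas that lack `su` and runs that audit over two constructed sample configs (one without the directive, one with `su radiusd radiusd`). The sample stanza contents and the user and group names are assumptions for illustration; compare them against the file your freeradius package actually installs.

```shell
#!/bin/sh
# Added example (not from the Mageia bug or the FreeRADIUS project): find
# logrotate stanzas that rotate as root without an `su` directive, the
# pattern described for CVE-2019-10143.  Sample configs are constructed.

# Constructed weak sample: no su directive.  If /var/log/radius is owned by
# the radiusd user (an assumption here), logrotate renames and creates files
# there as root, so a symlink or renamed directory planted by that user can
# redirect a root-owned write.
weak_sample() {
    cat <<'EOF'
# constructed sample, modelled on a typical radiusd logrotate file
/var/log/radius/*.log /var/log/radius/radacct/*/*.log {
    monthly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    nocreate
}
EOF
}

# Constructed corrected sample: `su radiusd radiusd` makes logrotate switch to
# that user/group before touching the directory, so it has no privilege the
# service user lacks.  The user and group names are assumptions.
fixed_sample() {
    cat <<'EOF'
# constructed sample with the su directive added
/var/log/radius/*.log /var/log/radius/radacct/*/*.log {
    monthly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    nocreate
    su radiusd radiusd
}
EOF
}

# Print the path globs of every stanza in the logrotate file $1 that has no
# `su` directive, either inside the stanza or as a global default earlier in
# the file.  Exit status is 1 if any such stanza exists, 0 otherwise.
stanzas_missing_su() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }      # comments, blanks
        /\{[[:space:]]*$/ {                                  # "<globs> {"
            sub(/[[:space:]]*\{[[:space:]]*$/, "")
            header = $0; in_stanza = 1; has_su = global_su; next
        }
        /^[[:space:]]*su[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+/ {
            if (in_stanza) has_su = 1; else global_su = 1  # top-level su is a default
            next
        }
        /^[[:space:]]*\}/ {                                  # stanza end
            if (in_stanza && !has_su) { print header; bad = 1 }
            in_stanza = 0; next
        }
        END { exit bad }
    ' "$1"
}

# Write the sample produced by function $1 to a temp file, audit it, and
# print the number of offending stanzas (0 for the corrected sample).
audit_sample() {
    f=$(mktemp)
    "$1" > "$f"
    stanzas_missing_su "$f" | wc -l | tr -d ' '
    rm -f "$f"
}

# Stand-alone usage: audit the installed freeradius logrotate file when run
# on a real host, e.g.  stanzas_missing_su /etc/logrotate.d/radiusd
echo "weak sample: $(audit_sample weak_sample) stanza(s) without su"
echo "fixed sample: $(audit_sample fixed_sample) stanza(s) without su"
```

The config check is only half of the condition: the stanza matters when the rotated directory is writable by the service user, so pair it with `ls -ld /var/log/radius` on the host. Adding `su` is one mitigation; another is to keep the log directory root-owned with only the log files writable by the service user. Whichever form your distribution's 3.0.20 package takes, the audit above reports the stanza that still relies on root doing the rotation.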