Bug 8726

Summary: freeradius new security issue CVE-2011-4966
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: sysadmin-bugs, tmb
Version: 2
Keywords: validated_update
Target Milestone: ---
Hardware: i586
OS: Linux
URL: http://lwn.net/Vulnerabilities/533041/
Whiteboard: has_procedure mga2-64-ok mga2-32-ok
Source RPM: freeradius-2.1.12-8.1.mga2.src.rpm
CVE:
Status comment:
Bug Depends on: 8912
Bug Blocks:

Description David Walser 2013-01-17 21:19:09 CET
RedHat has issued an advisory on January 8:
https://rhn.redhat.com/errata/RHSA-2013-0134.html

Cauldron is not affected (fixed upstream).

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated freeradius packages fix security vulnerability:

It was found that the "unix" module ignored the password expiration
setting in "/etc/shadow". If FreeRADIUS was configured to use this module
for user authentication, this flaw could allow users with an expired
password to successfully authenticate, even though their access should have
been denied (CVE-2011-4966).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966
https://rhn.redhat.com/errata/RHSA-2013-0134.html
========================

Updated packages in core/updates_testing:
========================
freeradius-2.1.12-8.2.mga2
freeradius-krb5-2.1.12-8.2.mga2
freeradius-ldap-2.1.12-8.2.mga2
freeradius-postgresql-2.1.12-8.2.mga2
freeradius-mysql-2.1.12-8.2.mga2
freeradius-unixODBC-2.1.12-8.2.mga2
freeradius-sqlite-2.1.12-8.2.mga2
libfreeradius1-2.1.12-8.2.mga2
libfreeradius-devel-2.1.12-8.2.mga2
freeradius-web-2.1.12-8.2.mga2

from freeradius-2.1.12-8.2.mga2.src.rpm
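
As an added illustration, and not code from FreeRADIUS's rlm_unix module or from this bug report, the following Python shows the aging fields of an /etc/shadow record that an authenticator using the "unix" module is expected to honour, and reports why a login must be refused even when the password hash matches. The shadow records and their hashes are constructed placeholders; the reference day count is derived from the date on which this update was tested (2013-01-31). Which of these checks the upstream fix added is not stated on this page, so the example covers the full set a defender would want enforced.

```python
"""Password-expiry checks from an /etc/shadow entry.

Added example, not FreeRADIUS's rlm_unix code: it shows the aging fields
a unix-style authenticator must consult before accepting a password.
Field layout follows shadow(5):
name:hash:lastchg:min:max:warn:inactive:expire:flag (days since 1970-01-01).
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, Optional

SHADOW_EPOCH = date(1970, 1, 1)


def days_since_epoch(day: date) -> int:
    """Shadow aging fields count days since 1970-01-01; convert a date to that scale."""
    return (day - SHADOW_EPOCH).days


# Reference "today" for the constructed samples below: the date this update was tested.
SAMPLE_TODAY_DAYS = days_since_epoch(date(2013, 1, 31))  # 15736


@dataclass(frozen=True)
class ShadowEntry:
    name: str
    pw_hash: str
    last_change: Optional[int]   # empty => aging disabled; 0 => must change at next login
    min_days: Optional[int]
    max_days: Optional[int]      # empty => no maximum password age
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire_day: Optional[int]    # absolute day on which the whole account expires


def _int_or_none(field: str) -> Optional[int]:
    field = field.strip()
    return int(field) if field else None


def parse_shadow_line(line: str) -> ShadowEntry:
    """Parse one shadow(5) line; raise ValueError on a malformed record."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    return ShadowEntry(
        name=fields[0],
        pw_hash=fields[1],
        last_change=_int_or_none(fields[2]),
        min_days=_int_or_none(fields[3]),
        max_days=_int_or_none(fields[4]),
        warn_days=_int_or_none(fields[5]),
        inactive_days=_int_or_none(fields[6]),
        expire_day=_int_or_none(fields[7]),
    )


def refusal_reason(entry: ShadowEntry, today_days: int) -> Optional[str]:
    """Return why authentication must be refused, or None if the aging fields allow it.

    A matching hash is necessary but not sufficient: each condition below denies
    access regardless of the password supplied, which is the check the advisory
    says the module skipped.
    """
    # Locked or passwordless accounts: hash field empty or starting with '!' or '*'.
    if not entry.pw_hash or entry.pw_hash[0] in "!*":
        return "account locked"
    # Absolute account expiry (field 8); a negative value disables it.
    if entry.expire_day is not None and entry.expire_day >= 0 and today_days >= entry.expire_day:
        return "account expired"
    if entry.last_change is None:
        return None  # password aging disabled for this user
    if entry.last_change == 0:
        # An administrator forced a change; a RADIUS login cannot perform it.
        return "password change required"
    if entry.max_days is not None and entry.max_days >= 0:
        # Password is expired once today is past last change plus the maximum age.
        # Field 7 (inactive days) is an interactive grace period for changing the
        # password, which a non-interactive RADIUS login cannot use, so it is not honoured.
        if today_days > entry.last_change + entry.max_days:
            return "password expired"
    return None


def evaluate_shadow(lines: Iterable[str], today_days: int) -> Dict[str, Optional[str]]:
    """Map each user name to its refusal reason (None when the aging checks pass)."""
    return {e.name: refusal_reason(e, today_days) for e in map(parse_shadow_line, lines)}


# Constructed sample records (placeholder hashes, not real credentials).
SAMPLE_SHADOW = [
    "alice:$6$placeholder$hash:15700:0:99999:7:::",       # changed 36 days ago, no practical maximum
    "bob:$6$placeholder$hash:15600:0:90:7:::",            # max age 90 days, last change 136 days ago
    "carol:$6$placeholder$hash:15700:0:99999:7::15000:",  # account expiry date already passed
    "dave:$6$placeholder$hash:0:0:99999:7:::",            # administrator forced a password change
    "erin:!$6$placeholder$hash:15700:0:99999:7:::",       # locked with passwd -l
    "frank:$6$placeholder$hash:::::::",                   # no aging information at all
]

if __name__ == "__main__":
    for user, reason in evaluate_shadow(SAMPLE_SHADOW, SAMPLE_TODAY_DAYS).items():
        verdict = "accept (subject to hash check)" if reason is None else "reject: " + reason
        print(f"{user:6} -> {verdict}")
```

Run stand-alone, the block prints a verdict per sample user; only alice and frank pass the aging checks. The hash comparison itself is deliberately left out so that the aging logic, the part the advisory is about, is the only thing being demonstrated.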

Comment 1 claire robinson 2013-01-31 11:43:22 CET
Testing using 'Initial Tests' from here: http://freeradius.org/doc/
claire robinson 2013-01-31 11:43:40 CET

Whiteboard: (none) => has_procedure

claire robinson 2013-01-31 12:07:54 CET

Depends on: (none) => 8912

Comment 2 claire robinson 2013-01-31 12:09:21 CET
Same failures when started as bug 7447 from October last year.
Created bug 8912 for these.

...etc
WARNING: No such configuration item certdir
/etc/raddb/eap.conf[284]: Reference "${certdir}/bootstrap" not found


Following Dave's advice in bug 7447 comment 11

Commented out line 284 in /etc/raddb/eap.conf
#       make_cert_command = "${certdir}/bootstrap"



Also same failure with directory ownership

# systemctl start radiusd.service
# systemctl status radiusd.service

...

Process: 2010 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=1/FAILURE)

In /lib/systemd/system/radiusd.service change the chown command to have
radius:radius instead of radiusd.radiusd

ExecStartPre=-/bin/chown -R radius.radius /var/run/radiusd

# systemctl --system daemon-reload
# systemctl start radiusd.service
# systemctl status radiusd.service
radiusd.service - FreeRADIUS high performance RADIUS server.
          Loaded: loaded (/lib/systemd/system/radiusd.service; enabled)
          Active: active (running) since Thu, 31 Jan 2013 11:00:56 +0000; 3s ago
         Process: 4157 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
         Process: 4155 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
         Process: 4153 ExecStartPre=/bin/chown -R radius.radius /var/run/radiusd (code=exited, status=0/SUCCESS)
        Main PID: 4158 (radiusd)
          CGroup: name=systemd:/system/radiusd.service
                  └ 4158 /usr/sbin/radiusd -d /etc/raddb

Comment 3 claire robinson 2013-01-31 12:17:44 CET
Testing complete mga2 64

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd.service
# radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 105 to 127.0.0.1 port 1812
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=105, length=20

Whiteboard: has_procedure => has_procedure mga2-64-ok

Comment 4 claire robinson 2013-02-01 17:59:06 CET
Testing complete mga2 32

Validating

Advisory & SRPM in comment 0

Bug 8912 created for the config & systemd service file issues

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga2-32-ok

Comment 5 Thomas Backlund 2013-02-06 22:56:02 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0026

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED