Bug 8726 - freeradius new security issue CVE-2011-4966
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal
Severity: normal
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/533041/
Whiteboard: has_procedure mga2-64-ok mga2-32-ok
Keywords: validated_update
Depends on: 8912
Reported: 2013-01-17 21:19 CET by David Walser
Modified: 2013-02-06 22:56 CET
Source RPM: freeradius-2.1.12-8.1.mga2.src.rpm

Description David Walser 2013-01-17 21:19:09 CET
Red Hat has issued an advisory on January 8:
https://rhn.redhat.com/errata/RHSA-2013-0134.html

Cauldron is not affected (fixed upstream).

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated freeradius packages fix security vulnerability:

It was found that the "unix" module ignored the password expiration
setting in "/etc/shadow". If FreeRADIUS was configured to use this module
for user authentication, this flaw could allow users with an expired
password to successfully authenticate, even though their access should have
been denied (CVE-2011-4966).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966
https://rhn.redhat.com/errata/RHSA-2013-0134.html
========================

Updated packages in core/updates_testing:
========================
freeradius-2.1.12-8.2.mga2
freeradius-krb5-2.1.12-8.2.mga2
freeradius-ldap-2.1.12-8.2.mga2
freeradius-postgresql-2.1.12-8.2.mga2
freeradius-mysql-2.1.12-8.2.mga2
freeradius-unixODBC-2.1.12-8.2.mga2
freeradius-sqlite-2.1.12-8.2.mga2
libfreeradius1-2.1.12-8.2.mga2
libfreeradius-devel-2.1.12-8.2.mga2
freeradius-web-2.1.12-8.2.mga2

from freeradius-2.1.12-8.2.mga2.src.rpm
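As an added illustration, not FreeRADIUS's own rlm_unix code, this is the set of shadow(5) expiry rules that a module authenticating against /etc/shadow has to apply before accepting a password, which is exactly what the flaw above skipped. The entries, placeholder hashes, and the fixed "today" value are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

@dataclass
class ShadowEntry:
    name: str
    last_change: Optional[int]  # field 3: day the password was last set (days since epoch)
    max_days: Optional[int]     # field 5: maximum password lifetime in days
    expire: Optional[int]       # field 8: day the account itself expires

def _opt_int(field: str) -> Optional[int]:
    """An empty shadow field means 'not set'; anything else is a day count."""
    return int(field) if field.strip() else None

def parse_shadow_line(line: str) -> ShadowEntry:
    """Parse one shadow(5) record: nine colon-separated fields."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"malformed shadow entry: {line!r}")
    return ShadowEntry(f[0], _opt_int(f[2]), _opt_int(f[4]), _opt_int(f[7]))

def expiry_status(entry: ShadowEntry, today: int) -> Optional[str]:
    """Return why the login must be rejected, or None if expiry rules allow it."""
    # Field 8: empty means never; shadow(5) says 0 must not be used, so only a
    # positive value counts as a real expiry date.
    if entry.expire is not None and entry.expire > 0 and today > entry.expire:
        return "account expired"
    # Field 3 == 0 means the password must be changed at next login.
    if entry.last_change == 0:
        return "password change required"
    # Fields 3 + 5: password older than its maximum age (empty fields disable aging).
    if (entry.last_change is not None and entry.max_days is not None
            and today > entry.last_change + entry.max_days):
        return "password expired"
    return None

def check_shadow(lines: Iterable[str], today: int) -> Dict[str, Optional[str]]:
    """Map each user to the rejection reason an expiry-aware module would report."""
    return {e.name: expiry_status(e, today) for e in map(parse_shadow_line, lines)}

# Constructed entries with placeholder hashes; TODAY is 2013-01-17 (the day this
# bug was filed) as days since the epoch.
SAMPLE_SHADOW = [
    "alice:$6$x$PLACEHOLDER:15600:0:99999:7:::",       # in date
    "bob:$6$x$PLACEHOLDER:15600:0:90:7:::",            # password older than 90 days
    "carol:$6$x$PLACEHOLDER:15600:0:99999:7::15700:",  # account expired on day 15700
    "dave:$6$x$PLACEHOLDER:0:0:99999:7:::",            # forced password change
    "erin:$6$x$PLACEHOLDER:::::::",                    # aging disabled
]
TODAY = 15722
```

The inactive-days grace period (field 7) is deliberately left out to keep the example short; a production check would also honour it.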
Comment 1 claire robinson 2013-01-31 11:43:22 CET
Testing using 'Initial Tests' from here: http://freeradius.org/doc/
Comment 2 claire robinson 2013-01-31 12:09:21 CET
Same failures when started as in bug 7447 from October last year.
Created bug 8912 for these.

...etc
WARNING: No such configuration item certdir
/etc/raddb/eap.conf[284]: Reference "${certdir}/bootstrap" not found


Following Dave's advice in bug 7447 comment 11

Commented out line 284 in /etc/raddb/eap.conf
#       make_cert_command = "${certdir}/bootstrap"



Also same failure with directory ownership

# systemctl start radiusd.service
# systemctl status radiusd.service

...

Process: 2010 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=1/FAILURE)

In /lib/systemd/system/radiusd.service change the chown command to have
radius:radius instead of radiusd.radiusd

ExecStartPre=-/bin/chown -R radius.radius /var/run/radiusd

# systemctl --system daemon-reload
# systemctl start radiusd.service
# systemctl status radiusd.service
radiusd.service - FreeRADIUS high performance RADIUS server.
          Loaded: loaded (/lib/systemd/system/radiusd.service; enabled)
          Active: active (running) since Thu, 31 Jan 2013 11:00:56 +0000; 3s ago
         Process: 4157 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
         Process: 4155 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
         Process: 4153 ExecStartPre=/bin/chown -R radius.radius /var/run/radiusd (code=exited, status=0/SUCCESS)
        Main PID: 4158 (radiusd)
          CGroup: name=systemd:/system/radiusd.service
                  └ 4158 /usr/sbin/radiusd -d /etc/raddb
Comment 3 claire robinson 2013-01-31 12:17:44 CET
Testing complete mga2 64

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd.service
# radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 105 to 127.0.0.1 port 1812
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=105, length=20
Comment 4 claire robinson 2013-02-01 17:59:06 CET
Testing complete mga2 32

Validating

Advisory & SRPM in comment 0

Bug 8912 created for the config & systemd service file issues

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 5 Thomas Backlund 2013-02-06 22:56:02 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0026
