Bug 1586071 (CVE-2018-11574)
Summary: | CVE-2018-11574 ppp: Remote client crash in ppp EAP-TLS patch | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jaskalnik, jskarvad, jsynacek, msekleta, security-response-team, thozza |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-22 04:31:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1590086, 1590087 | ||
Bug Blocks: | 1586073 |
Description
Andrej Nemec
2018-06-05 12:30:46 UTC
Public via: http://seclists.org/oss-sec/2018/q2/173 Created ppp tracking bugs for this issue: Affects: fedora-all [bug 1590087] This flaw does not affect vanilla ppp, only versions patched and compiled with the EAPTLS patch. It can be triggered in both client and server. Examining the entry points to eap-tls.c, it seems that EAPTLS negotiation will be aborted if get_eaptls_secret() fails. This will occur if the ppp instance is running without being configured for EAPTLS (see README.eap-tls). Mitigation: PPP instances must be configured for EAP-TLS authentication to expose this vulnerability. For ppp servers, the file `/etc/ppp/eaptls-server' must exist. For clients, either `/etc/ppp/eaptls-client` must exist or command-line options `ca`, `cert` and `key` must be provided. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-11574 |