Bug 1695748 (CVE-2019-11235)
Summary: | CVE-2019-11235 freeradius: eap-pwd: authentication bypass via an invalid curve attack | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | ascheel, dpal, fdvorak, jdennis, lemenkov, nikolai.kondrashov, pkis, rharwood, rschiron, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | freeradius 3.0.19 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and integrity.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:53:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1699413, 1699414, 1699415, 1699416, 1699417, 1699418 | ||
Bug Blocks: | 1695784 |
Description
Laura Pardo
2019-04-03 17:38:33 UTC
Public now via upstream security page: https://freeradius.org/security/ Fixed upstream in freeradius 3.0.19: http://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 Upstream commit: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769 EAP-PWD support was first added in freeradius 3.0.0, so earlier versions as shipped in Red Hat Enterprise Linux 6 and earlier are not affected. Created freeradius tracking bugs for this issue: Affects: fedora-all [bug 1699415] When a EAP-PWD Commit frame is received, a vulnerable implementation does not check that the received point is on the elliptic curve and that is not at infinity and/or it does not check that the received scalar is within the right range. Those conditions should be checked and the handshake should be aborted if the data is not valid. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1131 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1142 https://access.redhat.com/errata/RHSA-2019:1142 |