Bug 189826

Summary: CVE-2005-1454,1455,4744, CVE-2006-1354 FreeRADIUS issues
Product: [Retired] Fedora Legacy
Reporter: Marc Deslauriers <marc.deslauriers>
Component: freeradius
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED WONTFIX
Severity: high
Priority: medium
Version: unspecified
CC: deisenst, pekkas
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=important, LEGACY, 1, 2, 3, needsbuild
Doc Type: Bug Fix
Last Closed: 2007-08-30 20:07:26 UTC

Description Marc Deslauriers 2006-04-24 21:58:30 UTC
+++ This bug was initially created as a clone of Bug #186083 +++

FreeRADIUS authentication bypass

A bug in the EAP-MSCHAPv2 module could allow an attacker to
improperly authenticate as an arbitrary user.

http://www.freeradius.org/security.html


This issue also affects RHEL3

-- Additional comment from bressers on 2006-03-21 10:28 EST --
Created an attachment (id=126403)
Patch from upstream CVS


-- Additional comment from bugzilla on 2006-04-04 04:45 EST --

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0271.html

Comment 1 Marc Deslauriers 2006-04-24 22:00:26 UTC
A bug was also found in the way FreeRADIUS logs SQL errors from the
sql_unixodbc module. It may be possible for an attacker to cause FreeRADIUS
to crash or execute arbitrary code if they are able to manipulate the SQL
database FreeRADIUS is connecting to. (CVE-2005-4744)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676

Comment 2 Marc Deslauriers 2006-04-24 22:11:40 UTC
A buffer overflow bug was found in the way FreeRADIUS escapes data in an
SQL query. An attacker may be able to crash FreeRADIUS if they cause
FreeRADIUS to escape a string containing three or less characters. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is
possible that an authenticated user could execute arbitrary SQL queries by
sending a specially crafted request to FreeRADIUS. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1455 to this issue. 

https://rhn.redhat.com/errata/RHSA-2005-524.html
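
The failure mode described in Comment 2, as an added illustration that is not FreeRADIUS code and not the errata patch: an escaper that expands unsafe bytes has to check the remaining space against the expanded size before it writes, and should reject rather than truncate. The `=XX` encoding, the allow-list and the name `sql_escape_bounded` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list: bytes copied through unchanged. Everything else
 * (quotes, backslash, '=', control bytes) is written as "=XX". */
static const char SAFE_CHARS[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/* Escape `in` into `out` (capacity `outlen`, NUL included).
 * Returns bytes written excluding the NUL, or -1 if the escaped string
 * would not fit. Never writes past out[outlen - 1]. */
int sql_escape_bounded(char *out, size_t outlen, const char *in)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t used = 0;

    if (out == NULL || in == NULL || outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int safe = (c >= 32) && (strchr(SAFE_CHARS, c) != NULL);
        size_t need = safe ? 1 : 3;

        /* Space check uses the expanded size plus the terminator and
         * happens BEFORE the write, so short buffers cannot overflow. */
        if (need + 1 > outlen - used) {
            out[0] = '\0';      /* fail closed: no partial fragment */
            return -1;
        }
        if (safe) {
            out[used++] = (char)c;
        } else {
            out[used++] = '=';
            out[used++] = hex[c >> 4];
            out[used++] = hex[c & 0x0F];
        }
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    char buf[16];
    /* Constructed input: the quote would otherwise end the SQL literal. */
    int n = sql_escape_bounded(buf, sizeof buf, "bob' --");
    printf("%d %s\n", n, n < 0 ? "(rejected)" : buf);
    return 0;
}
```
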

Comment 3 Marc Deslauriers 2006-05-04 23:24:30 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA.

964960430c91dd9552addad269e9cb4a9c80b598  1/freeradius-1.0.1-0.FC1.6.legacy.src.rpm
e2b7f001fb5a07ff3e844ba1c61f826e4ae39cf6  2/freeradius-1.0.1-0.FC2.1.legacy.src.rpm
bd895561a3f5f1ec2d37bc35b491a07c6fd2ba6b  3/freeradius-1.0.1-2.FC3.2.legacy.src.rpm

Downloads:

http://www.infostrategique.com/linuxrpms/legacy/1/freeradius-1.0.1-0.FC1.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/freeradius-1.0.1-0.FC2.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/freeradius-1.0.1-2.FC3.2.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEWo+FLMAs/0C4zNoRAk1OAKCBqVGBW5Ph9dfpwb5oV5ukmgz7BwCfXxQg
YNbRf/fLL+W2vDhbA3ZXLfk=
=kBfH
-----END PGP SIGNATURE-----


Comment 4 Pekka Savola 2006-05-05 05:44:15 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patches verified to be identical to RHEL3
 
+PUBLISH FC1, FC2, FC3
 
964960430c91dd9552addad269e9cb4a9c80b598  freeradius-1.0.1-0.FC1.6.legacy.src.rpm
e2b7f001fb5a07ff3e844ba1c61f826e4ae39cf6  freeradius-1.0.1-0.FC2.1.legacy.src.rpm
bd895561a3f5f1ec2d37bc35b491a07c6fd2ba6b  freeradius-1.0.1-2.FC3.2.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFEWue/GHbTkzxSL7QRAtzKAJ9KNTA2bhb1i/d02ptAsP2oTWU45ACgjsfj
wRtOsVhWYXqy1S9unvHNE8I=
=niDg
-----END PGP SIGNATURE-----


Comment 5 Marc Deslauriers 2006-05-13 01:26:44 UTC
I'm having trouble building this in mock. Can someone have a look at:

http://turbosphere.fedoralegacy.org/logs/fedora-3-core/112-freeradius-1.0.1-2.FC3.2.legacy/x86_64/build.log


Comment 6 David Eisenstein 2006-05-14 12:19:09 UTC
It looks like libtool for the x86_64 build is having trouble locating
libpthread.  I sure don't know why though...   So it appears that libtool
is creating .a libraries instead of .so libraries when it cannot dynamically
link in libpthread.

Hope this helps, Marc.

Comment 7 David Eisenstein 2006-06-07 00:57:16 UTC
*ping*  Are we still stuck on this one, Marc?

Comment 8 Jesse Keating 2007-08-30 20:07:26 UTC
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.