Bug 189826 - CVE-2005-1454,1455,4744, CVE-2006-1354 FreeRADIUS issues
CVE-2005-1454,1455,4744, CVE-2006-1354 FreeRADIUS issues
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: freeradius (Show other bugs)
unspecified
All Linux
medium Severity high
: ---
: ---
Assigned To: Fedora Legacy Bugs
impact=important, LEGACY, 1, 2, 3, ne...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-24 17:58 EDT by Marc Deslauriers
Modified: 2007-08-30 16:07 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-30 16:07:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Marc Deslauriers 2006-04-24 17:58:30 EDT
+++ This bug was initially created as a clone of Bug #186083 +++

FreeRADIUS authentication bypass

A bug in the EAP-MSCHAPv2 module could allow an attacker to
improperly authenticate as an aribitrary user.

http://www.freeradius.org/security.html


This issue also affects RHEL3

-- Additional comment from bressers@redhat.com on 2006-03-21 10:28 EST --
Created an attachment (id=126403)
Patch from upstream CVS


-- Additional comment from bugzilla@redhat.com on 2006-04-04 04:45 EST --

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0271.html
Comment 1 Marc Deslauriers 2006-04-24 18:00:26 EDT
A bug was also found in the way FreeRADIUS logs SQL errors from the
sql_unixodbc module. It may be possible for an attacker to cause FreeRADIUS
to crash or execute arbitrary code if they are able to manipulate the SQL
database FreeRADIUS is connecting to. (CVE-2005-4744)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676
Comment 2 Marc Deslauriers 2006-04-24 18:11:40 EDT
A buffer overflow bug was found in the way FreeRADIUS escapes data in an
SQL query. An attacker may be able to crash FreeRADIUS if they cause
FreeRADIUS to escape a string containing three or less characters. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1454 to this issue.

Additionally a bug was found in the way FreeRADIUS escapes SQL data. It is
possible that an authenticated user could execute arbitrary SQL queries by
sending a specially crafted request to FreeRADIUS. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1455 to this issue. 

https://rhn.redhat.com/errata/RHSA-2005-524.html
Comment 3 Marc Deslauriers 2006-05-04 19:24:30 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated packages to QA.

964960430c91dd9552addad269e9cb4a9c80b598  1/freeradius-1.0.1-0.FC1.6.legacy.src.rpm
e2b7f001fb5a07ff3e844ba1c61f826e4ae39cf6  2/freeradius-1.0.1-0.FC2.1.legacy.src.rpm
bd895561a3f5f1ec2d37bc35b491a07c6fd2ba6b  3/freeradius-1.0.1-2.FC3.2.legacy.src.rpm

Downloads:

http://www.infostrategique.com/linuxrpms/legacy/1/freeradius-1.0.1-0.FC1.6.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/freeradius-1.0.1-0.FC2.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/freeradius-1.0.1-2.FC3.2.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEWo+FLMAs/0C4zNoRAk1OAKCBqVGBW5Ph9dfpwb5oV5ukmgz7BwCfXxQg
YNbRf/fLL+W2vDhbA3ZXLfk=
=kBfH
-----END PGP SIGNATURE-----
Comment 4 Pekka Savola 2006-05-05 01:44:15 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patches verified to be identical to RHEL3
 
+PUBLISH FC1, FC2, FC3
 
964960430c91dd9552addad269e9cb4a9c80b598  freeradius-1.0.1-0.FC1.6.legacy.src.rpm
e2b7f001fb5a07ff3e844ba1c61f826e4ae39cf6  freeradius-1.0.1-0.FC2.1.legacy.src.rpm
bd895561a3f5f1ec2d37bc35b491a07c6fd2ba6b  freeradius-1.0.1-2.FC3.2.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFEWue/GHbTkzxSL7QRAtzKAJ9KNTA2bhb1i/d02ptAsP2oTWU45ACgjsfj
wRtOsVhWYXqy1S9unvHNE8I=
=niDg
-----END PGP SIGNATURE-----
Comment 5 Marc Deslauriers 2006-05-12 21:26:44 EDT
I'm having trouble building this in mock. Can someone have a look at:

http://turbosphere.fedoralegacy.org/logs/fedora-3-core/112-freeradius-1.0.1-2.FC3.2.legacy/x86_64/build.log
Comment 6 David Eisenstein 2006-05-14 08:19:09 EDT
It looks like libtool for the x86_64 build is having trouble locating
libpthread.  I sure don't know why though...   So it appears that libtool
is creating .a libraries instead of .so libraries when it cannot dynamically
link in libpthread.

Hope this helps, Marc.
Comment 7 David Eisenstein 2006-06-06 20:57:16 EDT
*ping*  Are we still stuck on this one, Marc?
Comment 8 Jesse Keating 2007-08-30 16:07:26 EDT
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.

Note You need to log in before you can comment on or make changes to this bug.