Mageia: 2019-0176 Critical: FreeRADIUS Authentication Issues

mageia

May 18, 2019

An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well

Summary

An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim (CVE-2019-11234).
An invalid curve attack allows an attacker to authenticate as any user (without knowing the password). The problem is that on the reception of an EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received elliptic curve point is valid (CVE-2019-11235).

References

- https://bugs.mageia.org/show_bug.cgi?id=24762

- https://bugzilla.redhat.com/show_bug.cgi?id=1695748

- https://bugzilla.redhat.com/show_bug.cgi?id=1695783

- https://access.redhat.com/errata/RHSA-2019:1131

- https://www.cve.org/CVERecord?id=CVE-2019-11234

- https://www.cve.org/CVERecord?id=CVE-2019-11235

Topics Covered

security advisory critical authentication freeradius mageia invalid curve eap-pwd

Resolution

SRPMS

- 6/core/freeradius-3.0.15-1.1.mga6

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 18 May 2019

URL: https://advisories.mageia.org/MGASA-2019-0176.html

Type: security

CVE: CVE-2019-11234, CVE-2019-11235

Topics Covered

security advisory critical authentication freeradius mageia invalid curve eap-pwd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks