Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Ubuntu: 3316-1 Critical Advisory for FreeRADIUS Authentication Bypass

ubuntu
Calendar Grey June 7, 2017
Dist Ubuntu Esm H88
OpenVPN may expose sensitive information, leading to exposure vulnerabilities. Secure your Linux system for improved protection.
FreeRADIUS would allow unintended access over the network.

Summary

FreeRADIUS would allow unintended access over the network.

Software Description:

- freeradius: high-performance and highly configurable RADIUS server

Details:

Stefan Winter and Luboš Pavlíček discovered that FreeRADIUS incorrectly

handled the TLS session cache. A remote attacker could possibly use this

issue to bypass authentication by resuming an unauthenticated session.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  freeradius                      3.0.12+dfsg-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3316-1

CVE-2017-9148

Severity
critical
Lowest
Low
Medium
High
Critical

June 07, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.