Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 24.04 LTS USN-7055-1 high: freeradius authentication bypass

ubuntu
Calendar Grey October 3, 2024
Dist Ubuntu Esm H88
The Ubuntu Security Alert USN-7056-1 has disclosed a critical vulnerability in OpenSSH that enables remote access without proper authentication.
A system authentication measure could be bypassed.

Summary

A system authentication measure could be bypassed.

Software Description:

- freeradius: high-performance and highly configurable RADIUS server

Details:

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc

Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated

certain responses. An attacker able to intercept communications between a

RADIUS client and server could possibly use this issue to forge responses,

bypass authentication, and access network devices and services.

This update introduces new configuration options called "limit_proxy_state"

and "require_message_authenticator" that default to "auto" but should be

set to "yes" once all RADIUS devices have been upgraded on a network.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   freeradius                      3.2.5+dfsg-3~ubuntu24.04.1

Ubuntu 22.04 LTS
   freeradius                      3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3

Ubuntu 20.04 LTS
   freeradius                      3.0.20+dfsg-3ubuntu0.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7055-1

CVE-2024-3596

Ubuntu Security Notice USN-7055-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here