Bug 1041445 (CVE-2017-9148)

Summary: VUL-0: CVE-2017-9148: freeradius-server: TLS resumption authentication bypass
Product: [Novell Products] SUSE Security Incidents
Reporter: Adam Majer <amajer>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: jsegitz, meissner, pcervinka
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/186005/
Whiteboard: CVSSv3:RedHat:CVE-2017-9148:7.4:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) CVSSv3:SUSE:CVE-2017-9148:7.4:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) CVSSv2:SUSE:CVE-2017-9148:5.8:(AV:N/AC:M/Au:N/C:P/I:P/A:N) CVSSv2:NVD:CVE-2017-9148:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2017-9148:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: upstream patch from git

Description Adam Majer 2017-05-29 12:56:15 UTC
Created attachment 726814: upstream patch from git

Description:

TLS client certificate expiration not enforced on session resumption

https://nvd.nist.gov/vuln/detail/CVE-2017-9148
Comment 2 Marcus Meissner 2017-05-30 14:04:55 UTC
ignore last comment
Comment 6 Adam Majer 2017-06-08 09:21:05 UTC
Created attachment 728232: upstream patch from git
Comment 7 Bernhard Wiedemann 2017-06-08 12:00:43 UTC
This is an autogenerated message for OBS integration:
This bug (1041445) was mentioned in
https://build.opensuse.org/request/show/501884 42.2 / freeradius-server
Comment 12 Swamp Workflow Management 2017-06-19 19:09:28 UTC
openSUSE-SU-2017:1609-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1041445
CVE References: CVE-2017-9148
Sources used:
openSUSE Leap 42.2 (src): freeradius-server-3.0.12-2.3.1
Comment 13 Petr Cervinka 2017-06-27 12:12:42 UTC
Note for QA reproduction:
You need to run radiusd in production mode, not in debugging mode "radiusd -X".

If you run radiusd in debugging mode, it will crash because of another existing bug bsc#1042145.
Comment 14 Swamp Workflow Management 2017-06-27 19:09:46 UTC
SUSE-SU-2017:1705-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1027243,1041445
CVE References: CVE-2017-9148
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): freeradius-server-3.0.3-17.4.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): freeradius-server-3.0.3-17.4.1
SUSE Linux Enterprise Server 12-SP2 (src): freeradius-server-3.0.3-17.4.1
Comment 15 Swamp Workflow Management 2017-07-04 19:21:57 UTC
SUSE-SU-2017:1777-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1041445,912873,935573
CVE References: CVE-2015-4680,CVE-2017-9148
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): freeradius-server-2.1.1-7.24.1
SUSE Linux Enterprise Server 11-SP4 (src): freeradius-server-2.1.1-7.24.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): freeradius-server-2.1.1-7.24.1
Comment 16 Marcus Meissner 2017-10-26 07:33:13 UTC
released