Bug 1132549 - (CVE-2019-11235) VUL-0: CVE-2019-11235: freeradius-server: freeradius: eap-pwd: authentication bypass via an invalid curve attack
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/229628/
Reported: 2019-04-15 14:34 UTC by Alexandros Toptsoglou
Modified: 2020-04-23 13:29 UTC (History)

Found By: Security Response Team
Description Alexandros Toptsoglou 2019-04-15 14:34:37 UTC
CVE-2019-11235

A vulnerability was found in FreeRADIUS. An invalid curve attack allows an attacker to authenticate as any user (without knowing the password). The problem is that on the reception of an EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received elliptic curve point is valid.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1695748
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11235
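The check the description says is missing, written out as an added example (not FreeRADIUS code and not the upstream fix): validate the elliptic-curve point carried in a Commit frame before using it. It assumes NIST P-256 as the group; the function names `on_curve`, `ec_add`, `ec_mul` and `validate_element` are chosen here.

```python
# Added example, not FreeRADIUS code: the point validation that the report says
# a vulnerable server skipped on an EAP-pwd Commit frame.  Assumes the group is
# NIST P-256 (public FIPS 186-4 parameters); any test points are constructed.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
P256_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt, p=P256_P, a=P256_A, b=P256_B):
    """Partial validation: not infinity, coords in [0, p), y^2 = x^3 + ax + b mod p."""
    if pt is None:
        return False
    x, y = pt
    if not (0 <= x < p and 0 <= y < p):
        return False
    return (y * y - (x * x * x + a * x + b)) % p == 0

def ec_add(p1, p2, p=P256_P, a=P256_A):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # P + (-P) = O; also doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def validate_element(pt):
    """Full validation: on the curve and of order n, so a point from another curve
    (with a small subgroup) or a low-order point is rejected before use."""
    return on_curve(pt) and ec_mul(P256_N, pt) is None
```

With cofactor 1, as on P-256, `on_curve` alone already rules out points from another curve; the order check is the full validation step and costs one scalar multiplication per Commit frame.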
Comment 1 Alexandros Toptsoglou 2019-04-15 14:43:11 UTC
According to upstream[1] support for EAP-PWD shipped in 3.0.x. Thus all versions from 3.0.0 up to and including 3.0.18 are affected. Thus SLE12, SLE12-SP3 and SLE15 are affected.
Regarding openSUSE, LEAP 15.0 and 42.3 are affected. TW has already been updated to 3.0.19 which is not affected.
The upstream fix is located at [2] and [3].

[1] https://freeradius.org/security/
[2] https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
[3] https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
Comment 6 Swamp Workflow Management 2019-04-25 16:10:50 UTC
SUSE-SU-2019:1039-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1132549,1132664
CVE References: CVE-2019-11234,CVE-2019-11235
Sources used:
SUSE OpenStack Cloud 7 (src):    freeradius-server-3.0.3-17.12.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    freeradius-server-3.0.3-17.12.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    freeradius-server-3.0.3-17.12.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    freeradius-server-3.0.3-17.12.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    freeradius-server-3.0.3-17.12.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    freeradius-server-3.0.3-17.12.1
SUSE Linux Enterprise Server 12-LTSS (src):    freeradius-server-3.0.3-17.12.1
SUSE Enterprise Storage 4 (src):    freeradius-server-3.0.3-17.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2019-04-29 13:11:27 UTC
SUSE-SU-2019:1086-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1132549,1132664
CVE References: CVE-2019-11234,CVE-2019-11235
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    freeradius-server-3.0.16-3.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    freeradius-server-3.0.16-3.3.1
Comment 8 Swamp Workflow Management 2019-05-07 19:11:17 UTC
SUSE-SU-2019:1181-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1132549,1132664
CVE References: CVE-2019-11234,CVE-2019-11235
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    freeradius-server-3.0.15-2.11.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    freeradius-server-3.0.15-2.11.2
SUSE Linux Enterprise Server 12-SP4 (src):    freeradius-server-3.0.15-2.11.2
SUSE Linux Enterprise Server 12-SP3 (src):    freeradius-server-3.0.15-2.11.2
Comment 9 Swamp Workflow Management 2019-05-08 13:12:02 UTC
openSUSE-SU-2019:1346-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1132549,1132664
CVE References: CVE-2019-11234,CVE-2019-11235
Sources used:
openSUSE Leap 15.0 (src):    freeradius-server-3.0.16-lp150.2.3.1
Comment 10 Swamp Workflow Management 2019-05-13 16:17:28 UTC
openSUSE-SU-2019:1394-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1132549,1132664
CVE References: CVE-2019-11234,CVE-2019-11235
Sources used:
openSUSE Leap 42.3 (src):    freeradius-server-3.0.15-9.1
Comment 11 Swamp Workflow Management 2019-05-27 13:20:07 UTC
This is an autogenerated message for OBS integration:
This bug (1132549) was mentioned in
https://build.opensuse.org/request/show/705673 Factory / freeradius-server
Comment 14 Marcus Meissner 2019-10-29 06:56:08 UTC
released
Comment 17 Swamp Workflow Management 2020-04-23 13:29:28 UTC
openSUSE-SU-2020:0542-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1132549,1132664
CVE References: CVE-2019-11234,CVE-2019-11235
Sources used:
openSUSE Leap 15.1 (src):    freeradius-server-3.0.16-lp151.4.3.1