Bug 1144524 – VUL-0: CVE-2019-13456: freeradius-server: no validation of peer's scalar and elliptic curve point when processing an EAP-pwd Commit frame may lead to authentication bypass

Bug 1144524 - (CVE-2019-13456) VUL-0: CVE-2019-13456: freeradius-server: no validation of peer's scalar and elliptic curve point when processing an EAP-pwd Commit frame may lead to authentication bypass

(CVE-2019-13456)
Summary:	VUL-0: CVE-2019-13456: freeradius-server: no validation of peer's scalar and...

Status:	RESOLVED FIXED
Duplicates:	CVE-2019-20510 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/239060/
Whiteboard:	CVSSv3:SUSE:CVE-2019-13456:5.3:(AV:A/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-08-06 14:19 UTC by Wolfgang Frisch
Modified:	2020-10-19 16:12 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2019-13456-freeradius-a99746c93b8b3ae3be367af0e46f0d6a9626f566.patch (2.58 KB, patch) 2019-08-06 14:22 UTC, Wolfgang Frisch	Details \| Diff
Updated patch (1.62 KB, patch) 2020-03-25 16:54 UTC, Adam Majer	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2019-08-06 14:19:39 UTC

CVE-2019-13456

A flaw was found in the implementation of EAP-pwd in FreeRADIUS. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks.

References:

https://wpa3.mathyvanhoef.com/#new

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1737663
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13456

Comment 2 Wolfgang Frisch 2019-08-06 14:22:31 UTC

Created attachment 813001 [details]
CVE-2019-13456-freeradius-a99746c93b8b3ae3be367af0e46f0d6a9626f566.patch

Comment 3 Adam Majer 2019-08-07 12:17:51 UTC

This is already fixed in openSUSE:Factory. I'll add the bug numbers to changes file though.

Comment 11 Wolfgang Frisch 2020-03-25 15:49:39 UTC

*** Bug 1166858 has been marked as a duplicate of this bug. ***

Comment 14 Adam Majer 2020-03-25 16:54:54 UTC

Created attachment 833862 [details]
Updated patch

Comment 16 Swamp Workflow Management 2020-04-17 10:16:23 UTC

SUSE-SU-2020:1018-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144524,1146848,1166847
CVE References: CVE-2019-13456,CVE-2019-17185
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    freeradius-server-3.0.15-2.14.1
SUSE OpenStack Cloud 8 (src):    freeradius-server-3.0.15-2.14.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    freeradius-server-3.0.15-2.14.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    freeradius-server-3.0.15-2.14.1
SUSE Linux Enterprise Server 12-SP4 (src):    freeradius-server-3.0.15-2.14.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    freeradius-server-3.0.15-2.14.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    freeradius-server-3.0.15-2.14.1
SUSE Enterprise Storage 5 (src):    freeradius-server-3.0.15-2.14.1
HPE Helion Openstack 8 (src):    freeradius-server-3.0.15-2.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2020-04-17 13:17:12 UTC

SUSE-SU-2020:1020-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144524,1146848,1166847
CVE References: CVE-2019-13456,CVE-2019-17185
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    freeradius-server-3.0.19-3.3.1
SUSE Linux Enterprise Server 12-SP5 (src):    freeradius-server-3.0.19-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2020-04-17 13:31:16 UTC

SUSE-SU-2020:1023-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144524,1146848,1166847
CVE References: CVE-2019-13456,CVE-2019-17185
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    freeradius-server-3.0.16-3.6.1
SUSE Linux Enterprise Server 15-LTSS (src):    freeradius-server-3.0.16-3.6.1
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    freeradius-server-3.0.16-3.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    freeradius-server-3.0.16-3.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    freeradius-server-3.0.16-3.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    freeradius-server-3.0.16-3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2020-04-26 16:13:19 UTC

openSUSE-SU-2020:0553-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1144524,1146848,1166847
CVE References: CVE-2019-13456,CVE-2019-17185
Sources used:
openSUSE Leap 15.1 (src):    freeradius-server-3.0.16-lp151.4.4.1

Comment 20 Swamp Workflow Management 2020-08-31 16:14:03 UTC

SUSE-SU-2020:2391-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1144524,1166847
CVE References: CVE-2019-13456,CVE-2019-17185
JIRA References: 
Sources used:
SUSE OpenStack Cloud 7 (src):    freeradius-server-3.0.3-17.15.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    freeradius-server-3.0.3-17.15.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    freeradius-server-3.0.3-17.15.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    freeradius-server-3.0.3-17.15.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Wolfgang Frisch 2020-10-19 16:12:43 UTC

Released.