Red Hat Enterprise Linux 7 update for freeradius



Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2019-10143, CVE-2019-13456, CVE-2019-17185
CWE-ID: CWE-264, CWE-200, CWE-399
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
freeradius (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU33417

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10143

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

** DISPUTED ** It was discovered that freeradius up to and including version 3.0.19 does not correctly configure logrotate. A local attacker who already controls the radiusd user can escalate privileges to root by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible to the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

Mitigation

Install updates from vendor's website.

Vulnerable software versions

freeradius (Red Hat package): 3.0.13-8.el7_4 - 3.0.13-10.el7_6

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

External links

https://access.redhat.com/errata/RHSA-2020:3984


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU27344

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-13456

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way FreeRADIUS processes EAP-pwd handshakes. On average, 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. These failures leak information that an attacker can use to recover the password of any user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

freeradius (Red Hat package): 3.0.13-8.el7_4 - 3.0.13-10.el7_6

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

External links

https://access.redhat.com/errata/RHSA-2020:3984


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU27346

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17185

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the EAP-pwd module uses a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. A remote attacker can perform multiple login attempts and crash the daemon.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

freeradius (Red Hat package): 3.0.13-8.el7_4 - 3.0.13-10.el7_6

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

External links

https://access.redhat.com/errata/RHSA-2020:3984


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


