SB2020093027 - Red Hat Enterprise Linux 7 update for freeradius

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10143)

The vulnerability allows a local authenticated user to execute arbitrary code.

** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

2) Information disclosure (CVE-ID: CVE-2019-13456)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way FreeRadius processes EAP-pwd handshakes. on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user.

3) Resource management error (CVE-ID: CVE-2019-17185)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the EAP-pwd module uses a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. A remote attacker can perform multiple login attempts and crash the daemon.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:3984