SB2021020517 - openEuler update for freeradius
Published: February 5, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2019-13456)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way FreeRadius processes EAP-pwd handshakes. on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user.
2) Resource management error (CVE-ID: CVE-2019-17185)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the EAP-pwd module uses a global OpenSSL BN_CTX instance to handle all
handshakes. This mean multiple threads use the same BN_CTX instance
concurrently, resulting in crashes when concurrent EAP-pwd handshakes
are initiated. A remote attacker can perform multiple login attempts and crash the daemon.
3) Information disclosure (CVE-ID: CVE-2019-9494)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the implementations of SAE are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. A remote attacker can gain leaked information from a side channel attack that can be used for full password recovery.
Remediation
Install update from vendor's website.