openEuler update for freeradius
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2019-13456 CVE-2019-17185 CVE-2019-9494 |
| CWE-ID | CWE-200 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system python2-freeradius Operating systems & Components / Operating system package or component freeradius-utils Operating systems & Components / Operating system package or component freeradius-sqlite Operating systems & Components / Operating system package or component freeradius-postgresql Operating systems & Components / Operating system package or component freeradius-perl Operating systems & Components / Operating system package or component freeradius-mysql Operating systems & Components / Operating system package or component freeradius-ldap Operating systems & Components / Operating system package or component freeradius-krb5 Operating systems & Components / Operating system package or component freeradius-help Operating systems & Components / Operating system package or component freeradius-devel Operating systems & Components / Operating system package or component freeradius-debugsource Operating systems & Components / Operating system package or component freeradius-debuginfo Operating systems & Components / Operating system package or component freeradius Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU27344
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-13456
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way FreeRadius processes EAP-pwd handshakes. on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS
python2-freeradius: before 3.0.15-21
freeradius-utils: before 3.0.15-21
freeradius-sqlite: before 3.0.15-21
freeradius-postgresql: before 3.0.15-21
freeradius-perl: before 3.0.15-21
freeradius-mysql: before 3.0.15-21
freeradius-ldap: before 3.0.15-21
freeradius-krb5: before 3.0.15-21
freeradius-help: before 3.0.15-21
freeradius-devel: before 3.0.15-21
freeradius-debugsource: before 3.0.15-21
freeradius-debuginfo: before 3.0.15-21
freeradius: before 3.0.15-21
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python2-freeradius:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-utils:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-sqlite:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-postgresql:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-perl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-mysql:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-ldap:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-krb5:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU27346
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-17185
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the EAP-pwd module uses a global OpenSSL BN_CTX instance to handle all
handshakes. This mean multiple threads use the same BN_CTX instance
concurrently, resulting in crashes when concurrent EAP-pwd handshakes
are initiated. A remote attacker can perform multiple login attempts and crash the daemon.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS
python2-freeradius: before 3.0.15-21
freeradius-utils: before 3.0.15-21
freeradius-sqlite: before 3.0.15-21
freeradius-postgresql: before 3.0.15-21
freeradius-perl: before 3.0.15-21
freeradius-mysql: before 3.0.15-21
freeradius-ldap: before 3.0.15-21
freeradius-krb5: before 3.0.15-21
freeradius-help: before 3.0.15-21
freeradius-devel: before 3.0.15-21
freeradius-debugsource: before 3.0.15-21
freeradius-debuginfo: before 3.0.15-21
freeradius: before 3.0.15-21
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python2-freeradius:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-utils:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-sqlite:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-postgresql:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-perl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-mysql:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-ldap:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-krb5:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU23959
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-9494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the implementations of SAE are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. A remote attacker can gain leaked information from a side channel attack that can be used for full password recovery.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS
python2-freeradius: before 3.0.15-21
freeradius-utils: before 3.0.15-21
freeradius-sqlite: before 3.0.15-21
freeradius-postgresql: before 3.0.15-21
freeradius-perl: before 3.0.15-21
freeradius-mysql: before 3.0.15-21
freeradius-ldap: before 3.0.15-21
freeradius-krb5: before 3.0.15-21
freeradius-help: before 3.0.15-21
freeradius-devel: before 3.0.15-21
freeradius-debugsource: before 3.0.15-21
freeradius-debuginfo: before 3.0.15-21
freeradius: before 3.0.15-21
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:20.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python2-freeradius:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-utils:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-sqlite:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-postgresql:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-perl:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-mysql:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-ldap:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-krb5:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:freeradius:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
