ALAS2-2020-1515

Related Vulnerabilities: CVE-2019-10143   CVE-2019-13456   CVE-2019-17185  

Amazon Linux 2 Security Advisory: ALAS-2020-1515
Advisory Release Date: 2020-10-22 17:34 Pacific
Advisory Updated Date: 2020-10-22 22:36 Pacific
Severity: Medium

Issue Overview:

It was discovered that freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate their privileges to root by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible to the radiusd user. (CVE-2019-10143)

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks. (CVE-2019-13456)

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. (CVE-2019-17185)


Affected Packages:

freeradius


Issue Correction:
Run yum update freeradius to update your system.

New Packages:
aarch64:
    freeradius-3.0.13-15.amzn2.aarch64
    freeradius-doc-3.0.13-15.amzn2.aarch64
    freeradius-utils-3.0.13-15.amzn2.aarch64
    freeradius-devel-3.0.13-15.amzn2.aarch64
    freeradius-ldap-3.0.13-15.amzn2.aarch64
    freeradius-krb5-3.0.13-15.amzn2.aarch64
    freeradius-perl-3.0.13-15.amzn2.aarch64
    freeradius-python-3.0.13-15.amzn2.aarch64
    freeradius-mysql-3.0.13-15.amzn2.aarch64
    freeradius-postgresql-3.0.13-15.amzn2.aarch64
    freeradius-sqlite-3.0.13-15.amzn2.aarch64
    freeradius-unixODBC-3.0.13-15.amzn2.aarch64
    freeradius-debuginfo-3.0.13-15.amzn2.aarch64

i686:
    freeradius-3.0.13-15.amzn2.i686
    freeradius-doc-3.0.13-15.amzn2.i686
    freeradius-utils-3.0.13-15.amzn2.i686
    freeradius-devel-3.0.13-15.amzn2.i686
    freeradius-ldap-3.0.13-15.amzn2.i686
    freeradius-krb5-3.0.13-15.amzn2.i686
    freeradius-perl-3.0.13-15.amzn2.i686
    freeradius-python-3.0.13-15.amzn2.i686
    freeradius-mysql-3.0.13-15.amzn2.i686
    freeradius-postgresql-3.0.13-15.amzn2.i686
    freeradius-sqlite-3.0.13-15.amzn2.i686
    freeradius-unixODBC-3.0.13-15.amzn2.i686
    freeradius-debuginfo-3.0.13-15.amzn2.i686

src:
    freeradius-3.0.13-15.amzn2.src

x86_64:
    freeradius-3.0.13-15.amzn2.x86_64
    freeradius-doc-3.0.13-15.amzn2.x86_64
    freeradius-utils-3.0.13-15.amzn2.x86_64
    freeradius-devel-3.0.13-15.amzn2.x86_64
    freeradius-ldap-3.0.13-15.amzn2.x86_64
    freeradius-krb5-3.0.13-15.amzn2.x86_64
    freeradius-perl-3.0.13-15.amzn2.x86_64
    freeradius-python-3.0.13-15.amzn2.x86_64
    freeradius-mysql-3.0.13-15.amzn2.x86_64
    freeradius-postgresql-3.0.13-15.amzn2.x86_64
    freeradius-sqlite-3.0.13-15.amzn2.x86_64
    freeradius-unixODBC-3.0.13-15.amzn2.x86_64
    freeradius-debuginfo-3.0.13-15.amzn2.x86_64
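
Added example (not part of the original advisory): a check that flags installed freeradius packages still below the fixed build 3.0.13-15.amzn2 listed above, using rpm-style segment comparison so that release 9 sorts below release 15. The sample rows are constructed, and the comparison assumes no epoch and no ~ or ^ in the version strings.

```python
import re

# Fixed build taken from the advisory's "New Packages" list.
FIXED_VERSION, FIXED_RELEASE = "3.0.13", "15.amzn2"

def _segments(s):
    # rpm compares runs of digits and runs of letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment-wise ordering (no ~ or ^ handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than a letter one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def unpatched(rpm_lines):
    """rpm_lines: 'NAME VERSION RELEASE ARCH' rows; returns packages below the fixed build."""
    out = []
    for line in rpm_lines.strip().splitlines():
        name, version, release, arch = line.split()
        if name.startswith("freeradius") and not is_patched(version, release):
            out.append(f"{name}-{version}-{release}.{arch}")
    return out

# Constructed sample, in the shape produced by:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'freeradius*'
SAMPLE = """
freeradius 3.0.13 15.amzn2 x86_64
freeradius-utils 3.0.13 10.amzn2 x86_64
freeradius-ldap 3.0.13 9.amzn2.0.1 x86_64
freeradius-mysql 3.0.20 1.amzn2 x86_64
"""

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```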