Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-2870-01

Red Hat Security Advisory 2023-2870-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include an information leakage vulnerability.

Packet Storm
#sql#vulnerability#linux#red_hat#js#perl#ldap#auth#postgres

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: freeradius:3.0 security update
Advisory ID: RHSA-2023:2870-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2870
Issue date: 2023-05-16
CVE Names: CVE-2022-41859 CVE-2022-41860 CVE-2022-41861
====================================================================

  1. Summary:

An update for the freeradius:3.0 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

Security Fix(es):

  • freeradius: Information leakage in EAP-PWD (CVE-2022-41859)

  • freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860)

  • freeradius: Crash on invalid abinary data (CVE-2022-41861)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

2078483 - CVE-2022-41859 freeradius: Information leakage in EAP-PWD
2078485 - CVE-2022-41860 freeradius: Crash on unknown option in EAP-SIM
2078487 - CVE-2022-41861 freeradius: Crash on invalid abinary data

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.src.rpm

aarch64:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm

ppc64le:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm

s390x:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm

x86_64:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-41859
https://access.redhat.com/security/cve/CVE-2022-41860
https://access.redhat.com/security/cve/CVE-2022-41861
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZGNw09zjgjWX9erEAQgtzRAAjlyD8uI8FfESOtIeR1n/NpQY9LXdp2J8
gu8Zb2WITaVFMHMuXcWHn+PdDywpsmJyTtv8kVd3/c51KiAWnIW2efb1kmsOpY+h
3igUWG00vfnixCvV1ghk5IHvY3e0QUtzinC5HVtcZqhBIP/ek5ZxXR328q69/gmf
hWgT3HHWh0QMRBTwYhj09wWdVXz87zb3Pc/ZkoWEMWMNDdY00iV2OZW09HRzP+zq
Qn8YBMHGX+yuX3SnOrjCYg1RXsn+Lev0iYz6gAHhuMTwmknCRAKhhvtmaeaOu43G
jlMiS6mZWRbyzcAbKHjbw+PJXGF1M5WfMRjSSUsbQzcfiNKA3HDiHF/bXnZDFhPu
Mo6nhgX1ofAUYUnbGMZnrE3uLm1Bw8tGS30lXjn+LxWO03c+94mS3xV1KslukCgA
p0k1e+sPAEbOcNEuo+SE+HUnt+1zebfaSkdZPalJKunUeD29vjbUHQ7yE0eC/VXd
YtppGvnZSFAcy0noOElvDHl0p2RcrJYZQeVjZMbWb6VqBMLfYGmzpLJGzU+IcHeC
i153a+ArRi+4FmkBMne/wRg1SzfjlOSUZR2cbFCOkh70ugSU98VPJ0H5CHjiNxb3
QSI16Q8647Ckn5pC5ctoFF/vY2o0ivJVS/K75f4/qv5JiLnk0KAGeG2RgAVuYeNk
KOFlmlXluBY=1hXc
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

RHSA-2023:2870: Red Hat Security Advisory: freeradius:3.0 security update

An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. * CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the ...

RHSA-2023:2870: Red Hat Security Advisory: freeradius:3.0 security update

An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. * CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the ...

RHSA-2023:2870: Red Hat Security Advisory: freeradius:3.0 security update

An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. * CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the ...

RHSA-2023:2166: Red Hat Security Advisory: freeradius security and bug fix update

An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. * CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictio...

RHSA-2023:2166: Red Hat Security Advisory: freeradius security and bug fix update

An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. * CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictio...

RHSA-2023:2166: Red Hat Security Advisory: freeradius security and bug fix update

An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41859: In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. * CVE-2022-41860: In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictio...

CVE-2022-41859: port fixes from master · FreeRADIUS/freeradius-server@9e5e8f2

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

CVE-2022-41860: it's probably wrong to be completely retarded. Let's fix that. · FreeRADIUS/freeradius-server@f1cdbb3

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

CVE-2022-41861: manual port of commit 5906bfa1 · FreeRADIUS/freeradius-server@0ec2b39

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.

Ubuntu Security Notice USN-5785-1

Ubuntu Security Notice 5785-1 - It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Ubuntu Security Notice USN-5785-1

Ubuntu Security Notice 5785-1 - It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unknown SIM option sent by EAP-SIM supplicant. An attacker could possibly use this issue to cause a denial of service on the server. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution