Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 701822 (CVE-2019-13456, CVE-2019-17185) - <net-dialup/freeradius-3.0.20: Multiple vulnerabilities (CVE-2019-{13456,17185})
Summary: <net-dialup/freeradius-3.0.20: Multiple vulnerabilities (CVE-2019-{13456,17185})
Status: RESOLVED FIXED
Alias: CVE-2019-13456, CVE-2019-17185
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: 709804
Blocks:
  Show dependency tree
 
Reported: 2019-12-02 22:40 UTC by GLSAMaker/CVETool Bot
Modified: 2020-04-26 03:07 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-02 22:40:44 UTC
CVE-2019-13456 (https://nvd.nist.gov/vuln/detail/CVE-2019-13456):
  A flaw was found in the implementation of EAP-pwd in FreeRADIUS. An attacker
  could initiate several EAP-pwd handshakes to leak information, which can
  then be used to recover the user's WiFi password by performing dictionary
  and brute-force attacks.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-02 22:41:52 UTC
Upstream patch:
https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa
Comment 2 Larry the Git Cow gentoo-dev 2020-02-11 19:13:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cc4267b345ed2589ecda8b7a35a0f68bff19bf8

commit 2cc4267b345ed2589ecda8b7a35a0f68bff19bf8
Author:     Daniele Rondina <geaaru@gmail.com>
AuthorDate: 2020-02-09 09:34:19 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2020-02-11 19:13:13 +0000

    net-dialup/freeradius: Bump v.3.0.20
    
    Bug: https://bugs.gentoo.org/701822
    Closes: https://bugs.gentoo.org/696458
    Closes: https://bugs.gentoo.org/708970
    Closes: https://github.com/gentoo/gentoo/pull/14488
    Signed-off-by: Daniele Rondina <geaaru@gmail.com>
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-dialup/freeradius/Manifest                     |   1 +
 .../files/freeradius-3.0.20-py3-fixes.patch        | 472 +++++++++++++++++++++
 .../files/freeradius-3.0.20-systemd-service.patch  |  57 +++
 net-dialup/freeradius/freeradius-3.0.20.ebuild     | 267 ++++++++++++
 net-dialup/freeradius/metadata.xml                 |   3 +
 5 files changed, 800 insertions(+)
Comment 3 Matt Turner gentoo-dev 2020-02-11 19:14:17 UTC
(In reply to Thomas Deutschmann from comment #1)
> Upstream patch:
> https://github.com/FreeRADIUS/freeradius-server/commit/
> 3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa

This patch is in v3.0.20, now in tree.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-02 08:49:16 UTC
@maintainer(s), please cleanup
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-04-17 23:44:34 UTC
CVE-2019-17185 (https://nvd.nist.gov/vuln/detail/CVE-2019-17185):
  In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL
  BN_CTX instance to handle all handshakes. This mean multiple threads use the
  same BN_CTX instance concurrently, resulting in crashes when concurrent
  EAP-pwd handshakes are initiated. This can be abused by an adversary as a
  Denial-of-Service (DoS) attack.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-17 23:50:39 UTC
Cleanup done. See bug 685840.
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2020-04-26 03:07:45 UTC
GLSA Vote: No

Thank you all for you work. 
Closing as [noglsa].