Lucene search

AmazonALAS2-2020-1515

HistoryOct 22, 2020 - 5:34 p.m.

Medium: freeradius

2020-10-2217:34:00

alas.aws.amazon.com

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Issue Overview:

It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. (CVE-2019-10143)

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user’s WiFi password by performing dictionary and brute-force attacks. (CVE-2019-13456)

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. (CVE-2019-17185)

Affected Packages:

freeradius

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update freeradius to update your system.

New Packages:

aarch64:  
    freeradius-3.0.13-15.amzn2.aarch64  
    freeradius-doc-3.0.13-15.amzn2.aarch64  
    freeradius-utils-3.0.13-15.amzn2.aarch64  
    freeradius-devel-3.0.13-15.amzn2.aarch64  
    freeradius-ldap-3.0.13-15.amzn2.aarch64  
    freeradius-krb5-3.0.13-15.amzn2.aarch64  
    freeradius-perl-3.0.13-15.amzn2.aarch64  
    freeradius-python-3.0.13-15.amzn2.aarch64  
    freeradius-mysql-3.0.13-15.amzn2.aarch64  
    freeradius-postgresql-3.0.13-15.amzn2.aarch64  
    freeradius-sqlite-3.0.13-15.amzn2.aarch64  
    freeradius-unixODBC-3.0.13-15.amzn2.aarch64  
    freeradius-debuginfo-3.0.13-15.amzn2.aarch64  
  
i686:  
    freeradius-3.0.13-15.amzn2.i686  
    freeradius-doc-3.0.13-15.amzn2.i686  
    freeradius-utils-3.0.13-15.amzn2.i686  
    freeradius-devel-3.0.13-15.amzn2.i686  
    freeradius-ldap-3.0.13-15.amzn2.i686  
    freeradius-krb5-3.0.13-15.amzn2.i686  
    freeradius-perl-3.0.13-15.amzn2.i686  
    freeradius-python-3.0.13-15.amzn2.i686  
    freeradius-mysql-3.0.13-15.amzn2.i686  
    freeradius-postgresql-3.0.13-15.amzn2.i686  
    freeradius-sqlite-3.0.13-15.amzn2.i686  
    freeradius-unixODBC-3.0.13-15.amzn2.i686  
    freeradius-debuginfo-3.0.13-15.amzn2.i686  
  
src:  
    freeradius-3.0.13-15.amzn2.src  
  
x86_64:  
    freeradius-3.0.13-15.amzn2.x86_64  
    freeradius-doc-3.0.13-15.amzn2.x86_64  
    freeradius-utils-3.0.13-15.amzn2.x86_64  
    freeradius-devel-3.0.13-15.amzn2.x86_64  
    freeradius-ldap-3.0.13-15.amzn2.x86_64  
    freeradius-krb5-3.0.13-15.amzn2.x86_64  
    freeradius-perl-3.0.13-15.amzn2.x86_64  
    freeradius-python-3.0.13-15.amzn2.x86_64  
    freeradius-mysql-3.0.13-15.amzn2.x86_64  
    freeradius-postgresql-3.0.13-15.amzn2.x86_64  
    freeradius-sqlite-3.0.13-15.amzn2.x86_64  
    freeradius-unixODBC-3.0.13-15.amzn2.x86_64  
    freeradius-debuginfo-3.0.13-15.amzn2.x86_64

Additional References

Red Hat: CVE-2019-10143, CVE-2019-13456, CVE-2019-17185

Mitre: CVE-2019-10143, CVE-2019-13456, CVE-2019-17185

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64freeradius< 3.0.13-15.amzn2freeradius-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-doc< 3.0.13-15.amzn2freeradius-doc-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-utils< 3.0.13-15.amzn2freeradius-utils-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-devel< 3.0.13-15.amzn2freeradius-devel-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-ldap< 3.0.13-15.amzn2freeradius-ldap-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-krb5< 3.0.13-15.amzn2freeradius-krb5-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-perl< 3.0.13-15.amzn2freeradius-perl-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-python< 3.0.13-15.amzn2freeradius-python-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-mysql< 3.0.13-15.amzn2freeradius-mysql-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux2aarch64freeradius-postgresql< 3.0.13-15.amzn2freeradius-postgresql-3.0.13-15.amzn2.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	freeradius	< 3.0.13-15.amzn2	freeradius-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-doc	< 3.0.13-15.amzn2	freeradius-doc-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-utils	< 3.0.13-15.amzn2	freeradius-utils-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-devel	< 3.0.13-15.amzn2	freeradius-devel-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-ldap	< 3.0.13-15.amzn2	freeradius-ldap-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-krb5	< 3.0.13-15.amzn2	freeradius-krb5-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-perl	< 3.0.13-15.amzn2	freeradius-perl-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-python	< 3.0.13-15.amzn2	freeradius-python-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-mysql	< 3.0.13-15.amzn2	freeradius-mysql-3.0.13-15.amzn2.aarch64.rpm
Amazon Linux	2	aarch64	freeradius-postgresql	< 3.0.13-15.amzn2	freeradius-postgresql-3.0.13-15.amzn2.aarch64.rpm