Debian DLA-977-1 : freeradius security update

critical Nessus Plugin ID 100623

Synopsis

The remote Debian host is missing a security update.

Description

Several issues were discovered in FreeRADIUS, a high-performance and highly configurable RADIUS server.

CVE-2014-2015

A stack-based buffer overflow was found in the normify function in the rlm_pap module, which can be attacked by existing users to cause denial of service or other issues.

CVE-2015-4680

It was discovered that freeradius failed to check revocation of intermediate CA certificates, thus accepting client certificates issued by revoked certificates from intermediate CAs.

Note that to enable checking of intermediate CA certificates, it is necessary to enable the check_all_crl option of the EAP TLS section in eap.conf. This is only necessary for servers using certificates signed by intermediate CAs. Servers that use self-signed CAs are unaffected.

CVE-2017-9148

The TLS session cache fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

For Debian 7 'Wheezy', these problems have been fixed in version 2.1.12+dfsg-1.2+deb7u1.

We recommend that you upgrade your freeradius packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2017/06/msg00005.html

https://packages.debian.org/source/wheezy/freeradius

Plugin Details

Severity: Critical

ID: 100623

File Name: debian_DLA-977.nasl

Version: 3.6

Type: local

Agent: unix

Published: 6/6/2017

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:freeradius-dbg, p-cpe:/a:debian:debian_linux:freeradius-krb5, p-cpe:/a:debian:debian_linux:libfreeradius2, cpe:/o:debian:debian_linux:7.0, p-cpe:/a:debian:debian_linux:freeradius-dialupadmin, p-cpe:/a:debian:debian_linux:freeradius-iodbc, p-cpe:/a:debian:debian_linux:freeradius-common, p-cpe:/a:debian:debian_linux:libfreeradius-dev, p-cpe:/a:debian:debian_linux:freeradius, p-cpe:/a:debian:debian_linux:freeradius-mysql, p-cpe:/a:debian:debian_linux:freeradius-ldap, p-cpe:/a:debian:debian_linux:freeradius-postgresql, p-cpe:/a:debian:debian_linux:freeradius-utils

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 6/5/2017

Reference Information

CVE: CVE-2014-2015, CVE-2015-4680, CVE-2017-9148

BID: 65581, 75327