PT-2019-4954 · FreeRADIUS+5

Eyal Ronen +1 · Published 2019-04-03 · Updated 2024-06-15 · CVE-2019-11234

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FreeRADIUS versions prior to 3.0.19

Description

The issue is related to improper authentication in the FreeRADIUS server, which can be exploited by a remote attacker to gain unauthorized access to protected information. This is similar to a "Dragonblood" issue, where reflection can be used for authentication spoofing.

Recommendations

For versions prior to 3.0.19, update to version 3.0.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the RADIUS server to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1496
BDU:2020-01572
CESA-2019_1131
CESA-2019_1142
CVE-2019-11234
MGASA-2019-0176
OPENSUSE-SU-2019:1346-1
OPENSUSE-SU-2019_1346-1
OPENSUSE-SU-2019_1394-1
OPENSUSE-SU-2020:0542-1
OPENSUSE-SU-2020_0542-1
OPENSUSE-SU-2024:10767-1
RHSA-2019:1131
RHSA-2019:1142
RHSA-2019_1131
RHSA-2019_1142
SUSE-SU-2019:1039-1
SUSE-SU-2019:1086-1
SUSE-SU-2019:1181-1
SUSE-SU-2019_1039-1
SUSE-SU-2019_1086-1
SUSE-SU-2019_1181-1
USN-3954-1

Affected Products

ALT Linux
CentOS
FreeRADIUS
Red Hat
SUSE
Ubuntu