Description
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Packages
Package | Status | Fixed version | Release | Type
---|---|---|---|---
freeradius | fixed | 3.2.5+dfsg-1 | | package
freeradius | no-dsa | | bookworm | package
freeradius | postponed | | bullseye | package
Notes
https://www.blastradius.fail/
https://kb.cert.org/vuls/id/456537
https://www.openwall.com/lists/oss-security/2024/07/09/4
https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack/
The CVE is for the RADIUS Protocol issue under RFC 2865, but for the time being track the sources which add mitigations for the "BlastRADIUS protocol vulnerability".
Breaks unrelated software like proftpd: https://github.com/proftpd/proftpd/issues/1840 (fixed)
Related vulnerabilities
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability