CVE-2019-11234

Опубликовано: 22 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html
https://access.redhat.com/errata/RHSA-2019:1131
https://access.redhat.com/errata/RHSA-2019:1142
https://bugzilla.redhat.com/show_bug.cgi?id=1695783
Issue Tracking
Third Party Advisory
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
Release Notes
Vendor Advisory
https://freeradius.org/security/
Vendor Advisory
https://papers.mathyvanhoef.com/dragonblood.pdf
Technical Description
Third Party Advisory
https://usn.ubuntu.com/3954-1/
Third Party Advisory
https://www.kb.cert.org/vuls/id/871675/
Not Applicable
Third Party Advisory
US Government Resource
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html
https://access.redhat.com/errata/RHSA-2019:1131
https://access.redhat.com/errata/RHSA-2019:1142
https://bugzilla.redhat.com/show_bug.cgi?id=1695783
Issue Tracking
Third Party Advisory
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
Release Notes
Vendor Advisory
https://freeradius.org/security/
Vendor Advisory
https://papers.mathyvanhoef.com/dragonblood.pdf
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*

Версия до 3.0.19 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.21256

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2019-11234

CVSS3: 9.8

ubuntu

почти 7 лет назад

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

CVE-2019-11234

CVSS3: 5

redhat

почти 7 лет назад

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

CVE-2019-11234

CVSS3: 9.8

debian

почти 7 лет назад

FreeRADIUS before 3.0.19 does not prevent use of reflection for authen ...

GHSA-vwq6-jpj7-xqvx

CVSS3: 9.8

github

больше 3 лет назад

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

BDU:2020-01572

CVSS3: 9.8

fstec

почти 7 лет назад

Уязвимость RADIUS-сервера FreeRADIUS, связанная с неправильной аутентификацией, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 96%

0.21256

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287