exploitDog

ELSA-2020-1672

Опубликовано: 05 мая 2020

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2020-1672: freeradius:3.0 security update (MODERATE)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module freeradius:3.0 is enabled

freeradius

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-devel

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-doc

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-krb5

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-ldap

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-mysql

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-perl

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-postgresql

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-rest

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-sqlite

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-unixODBC

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-utils

3.0.17-7.module+el8.2.0+5505+9f97be83

Oracle Linux x86_64

Module freeradius:3.0 is enabled

freeradius

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-devel

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-doc

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-krb5

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-ldap

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-mysql

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-perl

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-postgresql

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-rest

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-sqlite

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-unixODBC

3.0.17-7.module+el8.2.0+5505+9f97be83

freeradius-utils

3.0.17-7.module+el8.2.0+5505+9f97be83

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2019-13456

CVSS3: 6.5

ubuntu

около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

CVE-2019-13456

CVSS3: 5.3

redhat

больше 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

CVE-2019-13456

CVSS3: 6.5

nvd

около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

CVE-2019-13456

CVSS3: 6.5

debian

около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...

GHSA-qwvf-9vg7-643x

github

больше 3 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.