Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:4936

Опубликовано: 01 авг. 2024
Источник: rocky
Оценка: Important

Описание

Important: freeradius:3.0 security update

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

  • freeradius: forgery attack (CVE-2024-3596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
freeradiusx86_6415.module+el8.10.0+1841+f214069afreeradius-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-develx86_6415.module+el8.10.0+1841+f214069afreeradius-devel-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-docx86_6415.module+el8.10.0+1841+f214069afreeradius-doc-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-krb5x86_6415.module+el8.10.0+1841+f214069afreeradius-krb5-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-ldapx86_6415.module+el8.10.0+1841+f214069afreeradius-ldap-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-mysqlx86_6415.module+el8.10.0+1841+f214069afreeradius-mysql-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-perlx86_6415.module+el8.10.0+1841+f214069afreeradius-perl-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-postgresqlx86_6415.module+el8.10.0+1841+f214069afreeradius-postgresql-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-restx86_6415.module+el8.10.0+1841+f214069afreeradius-rest-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm
freeradius-sqlitex86_6415.module+el8.10.0+1841+f214069afreeradius-sqlite-3.0.20-15.module+el8.10.0+1841+f214069a.x86_64.rpm

Показывать по

Связанные CVE

CVE-2024-3596

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-3596

CVSS3: 9
ubuntu
больше 1 года назад

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

redhat логотип

CVE-2024-3596

CVSS3: 9
redhat
больше 1 года назад

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

nvd логотип

CVE-2024-3596

CVSS3: 9
nvd
больше 1 года назад

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

msrc логотип

CVE-2024-3596

CVSS3: 7.5
msrc
больше 1 года назад

CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability

debian логотип

CVE-2024-3596

CVSS3: 9
debian
больше 1 года назад

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a ...