Date: Mon, 29 May 2017 16:40:49 +0200 (CEST) From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> To: oss-security@...ts.openwall.com Subject: CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass Vendor: The FreeRADIUS Project Product: FreeRADIUS server Affected Versions: 2.2.x (EOL but still found in some Linux distros): All versions. 3.0.x (stable): All versions before 3.0.14. 3.1.x and 4.0.x (development): All versions before 2017-02-04. Description: The implementation of TTLS and PEAP in FreeRADIUS skips inner authentication when it handles a resumed TLS connection. This is a feature but there is a critical catch: the server must never allow resumption of a TLS session until its initial connection gets to the point where inner authentication has been finished successfully. Unfortunately, affected versions of FreeRADIUS fail to reliably prevent resumption of unauthenticated sessions unless the TLS session cache is disabled completely and allow an attacker (e.g. a malicious supplicant) to elicit EAP Success without sending any valid credentials. Mitigation: (a) Disable TLS session caching. Set enabled = no in the cache subsection of eap module settings (raddb/mods-enabled/eap in the standard v3.0.x-style layout). (b) Upgrade to version 3.0.14. Credits: Stefan Winter of the RESTENA Foundation (initial discovery) Luboš Pavlíček of the University of Economics, Prague (independent rediscovery) Timeline: "a few months" ago: Vulnerability discovered and reported by Stefan Winter. 2017-02-03: The first (and mostly ineffective) attempt to fix the vulnerability in v3.0.x branch (commits 5aabc3b1 and 6b909d0c). 2017-02-04 Vulnerability fixed in v3.1.x and v4.0.x branches (commits 813a93a7 and c703ad96, respectively). 2017-03-06 Version 3.0.13 released without any explicit indication that it was supposed to fix a serious vulnerability (but it was probably better that way because the vulnerability was not really fixed). 2017-04-24 Vulnerability rediscovered by Luboš Pavlíček. 2017-04-25 PoC exploit developed and used to confirm 3.0.13 is still vulnerable. Vulnerability reported... again. 2017-05-08 The second (and hopefuly final) attempt to fix the vulnerability in v3.0.x (commits af030bd4 and 8f53382c). 2017-05-26 Version 3.0.14 released. References:  <http://freeradius.org/security.html>  <http://freeradius.org/press/index.html#3.0.14> -- Pavel Kankovsky aka Peak "Que sçay-je?"
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ