Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU27344
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13456
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way FreeRadius processes EAP-pwd handshakes. on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS - 20.03 LTS SP1
python2-freeradius: before 3.0.15-21
freeradius-utils: before 3.0.15-21
freeradius-sqlite: before 3.0.15-21
freeradius-postgresql: before 3.0.15-21
freeradius-perl: before 3.0.15-21
freeradius-mysql: before 3.0.15-21
freeradius-ldap: before 3.0.15-21
freeradius-krb5: before 3.0.15-21
freeradius-help: before 3.0.15-21
freeradius-devel: before 3.0.15-21
freeradius-debugsource: before 3.0.15-21
freeradius-debuginfo: before 3.0.15-21
freeradius: before 3.0.15-21
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU27346
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-17185
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the EAP-pwd module uses a global OpenSSL BN_CTX instance to handle all
handshakes. This mean multiple threads use the same BN_CTX instance
concurrently, resulting in crashes when concurrent EAP-pwd handshakes
are initiated. A remote attacker can perform multiple login attempts and crash the daemon.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS - 20.03 LTS SP1
python2-freeradius: before 3.0.15-21
freeradius-utils: before 3.0.15-21
freeradius-sqlite: before 3.0.15-21
freeradius-postgresql: before 3.0.15-21
freeradius-perl: before 3.0.15-21
freeradius-mysql: before 3.0.15-21
freeradius-ldap: before 3.0.15-21
freeradius-krb5: before 3.0.15-21
freeradius-help: before 3.0.15-21
freeradius-devel: before 3.0.15-21
freeradius-debugsource: before 3.0.15-21
freeradius-debuginfo: before 3.0.15-21
freeradius: before 3.0.15-21
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23959
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the implementations of SAE are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. A remote attacker can gain leaked information from a side channel attack that can be used for full password recovery.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS - 20.03 LTS SP1
python2-freeradius: before 3.0.15-21
freeradius-utils: before 3.0.15-21
freeradius-sqlite: before 3.0.15-21
freeradius-postgresql: before 3.0.15-21
freeradius-perl: before 3.0.15-21
freeradius-mysql: before 3.0.15-21
freeradius-ldap: before 3.0.15-21
freeradius-krb5: before 3.0.15-21
freeradius-help: before 3.0.15-21
freeradius-devel: before 3.0.15-21
freeradius-debugsource: before 3.0.15-21
freeradius-debuginfo: before 3.0.15-21
freeradius: before 3.0.15-21
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1031
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.