CVE-2019-11235
First published: Wed Apr 03 2019(Updated: )
A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user (without knowing the password). The problem is that on the reception of an EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received elliptic curve point is valid.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/freeradius | <3.0.19 | 3.0.19 |
| debian/freeradius | 3.0.21+dfsg-2.2+deb11u1 3.2.1+dfsg-4+deb12u1 3.2.5+dfsg-3 | |
| FreeRADIUS | <3.0.19 | |
| Red Hat Fedora | ||
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =7.6 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Ubuntu | =18.04 | |
| Ubuntu | =18.10 | |
| Ubuntu | =19.04 | |
| SUSE Linux | =15.0 |
Remedy
https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
Remedy
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html
- https://access.redhat.com/errata/RHSA-2019:1131
- https://access.redhat.com/errata/RHSA-2019:1142
- https://bugzilla.redhat.com/show_bug.cgi?id=1695748
- https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
- https://freeradius.org/security/
- https://papers.mathyvanhoef.com/dragonblood.pdf
- https://usn.ubuntu.com/3954-1/
- https://www.kb.cert.org/vuls/id/871675/
- http://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
- https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
- https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1699415
- https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
- https://launchpad.net/bugs/cve/CVE-2019-11235
- https://security-tracker.debian.org/tracker/CVE-2019-11235
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11235
- https://nvd.nist.gov/vuln/detail/CVE-2019-11235
- https://ubuntu.com/security/CVE-2019-11235
Frequently Asked Questions
What is the severity of CVE-2019-11235?
CVE-2019-11235 has a high severity level due to its potential to allow an attacker to authenticate as any user.
How do I fix CVE-2019-11235?
To fix CVE-2019-11235, upgrade FreeRADIUS to version 3.0.21 or later.
Which FreeRADIUS versions are affected by CVE-2019-11235?
CVE-2019-11235 affects FreeRADIUS versions prior to 3.0.21.
What type of attack does CVE-2019-11235 involve?
CVE-2019-11235 involves an invalid curve attack that exploits EAP-PWD Commit frame handling.
Is CVE-2019-11235 exploitable remotely?
Yes, CVE-2019-11235 is exploitable remotely without requiring physical access to the server.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-11235
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- package-manager/redhat
- package-manager/debian
- vendor/freeradius
- canonical/freeradius
- vendor/fedoraproject
- canonical/red hat fedora
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/7.6
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.6
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/18.10
- version/ubuntu/19.04
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.0