advisories/24762.adv

type: security
subject: Updated freeradius packages fix security vulnerability
CVE:
 - CVE-2019-11234
 - CVE-2019-11235
src:
  6:
   core:
     - freeradius-3.0.15-1.1.mga6
description: |
  An attacker can reflect the received scalar and element from the server in
  it's own commit message, and subsequently reflect the confirm value as
  well. This causes the adversary to successfully authenticate as the victim
  (CVE-2019-11234).

  An invalid curve attack allows an attacker to authenticate as any user
  (without knowing the password). The problem is that on the reception of an
  EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received
  elliptic curve point is valid (CVE-2019-11235).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24762
 - https://bugzilla.redhat.com/show_bug.cgi?id=1695748
 - https://bugzilla.redhat.com/show_bug.cgi?id=1695783
 - https://access.redhat.com/errata/RHSA-2019:1131
ID: MGASA-2019-0176
1	davidwhodgins	8551	type: security
2			subject: Updated freeradius packages fix security vulnerability
3			CVE:
4			- CVE-2019-11234
5			- CVE-2019-11235
6			src:
7			6:
8			core:
9			- freeradius-3.0.15-1.1.mga6
10			description: \|
11			An attacker can reflect the received scalar and element from the server in
12			it's own commit message, and subsequently reflect the confirm value as
13			well. This causes the adversary to successfully authenticate as the victim
14			(CVE-2019-11234).
15
16			An invalid curve attack allows an attacker to authenticate as any user
17			(without knowing the password). The problem is that on the reception of an
18			EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received
19			elliptic curve point is valid (CVE-2019-11235).
20			references:
21			- https://bugs.mageia.org/show_bug.cgi?id=24762
22			- https://bugzilla.redhat.com/show_bug.cgi?id=1695748
23			- https://bugzilla.redhat.com/show_bug.cgi?id=1695783
24			- https://access.redhat.com/errata/RHSA-2019:1131
25	tmb	8556	ID: MGASA-2019-0176