advisories/24762.adv

type: security
subject: Updated freeradius packages fix security vulnerability
CVE:
 - CVE-2019-11234
 - CVE-2019-11235
src:
  6:
   core:
     - freeradius-3.0.15-1.1.mga6
description: |
  An attacker can reflect the received scalar and element from the server in
  it's own commit message, and subsequently reflect the confirm value as
  well. This causes the adversary to successfully authenticate as the victim
  (CVE-2019-11234).

  An invalid curve attack allows an attacker to authenticate as any user
  (without knowing the password). The problem is that on the reception of an
  EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received
  elliptic curve point is valid (CVE-2019-11235).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24762
 - https://bugzilla.redhat.com/show_bug.cgi?id=1695748
 - https://bugzilla.redhat.com/show_bug.cgi?id=1695783
 - https://access.redhat.com/errata/RHSA-2019:1131
ID: MGASA-2019-0176
1	type: security
2	subject: Updated freeradius packages fix security vulnerability
3	CVE:
4	- CVE-2019-11234
5	- CVE-2019-11235
6	src:
7	6:
8	core:
9	- freeradius-3.0.15-1.1.mga6
10	description: \|
11	An attacker can reflect the received scalar and element from the server in
12	it's own commit message, and subsequently reflect the confirm value as
13	well. This causes the adversary to successfully authenticate as the victim
14	(CVE-2019-11234).
15
16	An invalid curve attack allows an attacker to authenticate as any user
17	(without knowing the password). The problem is that on the reception of an
18	EAP-PWD Commit frame, FreeRADIUS doesn't verify whether the received
19	elliptic curve point is valid (CVE-2019-11235).
20	references:
21	- https://bugs.mageia.org/show_bug.cgi?id=24762
22	- https://bugzilla.redhat.com/show_bug.cgi?id=1695748
23	- https://bugzilla.redhat.com/show_bug.cgi?id=1695783
24	- https://access.redhat.com/errata/RHSA-2019:1131
25	ID: MGASA-2019-0176