Red Hat Local Security Checks : RedHat Update for freeradius RHSA-2015:1287-01

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.871397

Category: Red Hat Local Security Checks

Title: RedHat Update for freeradius RHSA-2015:1287-01

Summary: The remote host is missing an update for the 'freeradius'; package(s) announced via the referenced advisory.

Description: Summary:
The remote host is missing an update for the 'freeradius'
package(s) announced via the referenced advisory.

Vulnerability Insight:
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap
module handled long password hashes. An attacker able to make radiusd
process a malformed password hash could cause the daemon to crash.
(CVE-2014-2015)

The freeradius packages have been upgraded to upstream version 2.2.6, which
provides a number of bug fixes and enhancements over the previous version,
including:

* The number of dictionaries have been updated.

* This update implements several Extensible Authentication Protocol
(EAP) improvements.

* A number of new expansions have been added, including: %{randstr:...},
%{hex:...}, %{sha1:...}, %{base64:...}, %{tobase64:...}, and
%{base64tohex:...}.

* Hexadecimal numbers (0x...) are now supported in %{expr:...} expansions.

* This update adds operator support to the rlm_python module.

* The Dynamic Host Configuration Protocol (DHCP) and DHCP relay code have
been finalized.

* This update adds the rlm_cache module to cache arbitrary attributes.

For a complete list of bug fixes and enhancements provided by this rebase,
see the freeradius changelog linked to in the References section.

(BZ#1078736)

This update also fixes the following bugs:

* The /var/log/radius/radutmp file was configured to rotate at one-month
intervals, even though this was unnecessary. This update removes
/var/log/radius/radutmp from the installed logrotate utility configuration
in the /etc/logrotate.d/radiusd file, and /var/log/radius/radutmp is no
longer rotated. (BZ#904578)

* The radiusd service could not write the output file created by the
raddebug utility. The raddebug utility now sets appropriate ownership to
the output file, allowing radiusd to write the output. (BZ#921563)

* After starting raddebug using the 'raddebug -t 0' command, raddebug
exited immediately. A typo in the special case comparison has been fixed,
and raddebug now runs for 11.5 days in this situation. (BZ#921567)

* MS-CHAP authentication failed when the User-Name and MS-CHAP-User-Name
attributes used different encodings, even when the user provided correct
credentials. Now, MS-CHAP authentication properly handles mismatching
character encodings. Authentication with correct credentials no longer
fails in this situation. (BZ#1060319)

* Automatically generated default certificates used the SHA-1 algorithm
message digest, which is considered insecu ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
freeradius on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-2015
BugTraq ID: 65581
http://www.securityfocus.com/bid/65581
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html
http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html
http://www.openwall.com/lists/oss-security/2014/02/18/3
RedHat Security Advisories: RHSA-2015:1287
http://rhn.redhat.com/errata/RHSA-2015-1287.html
http://ubuntu.com/usn/usn-2122-1

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.871397
Category:	Red Hat Local Security Checks
Title:	RedHat Update for freeradius RHSA-2015:1287-01
Summary:	The remote host is missing an update for the 'freeradius'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'freeradius' package(s) announced via the referenced advisory. Vulnerability Insight: FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. (CVE-2014-2015) The freeradius packages have been upgraded to upstream version 2.2.6, which provides a number of bug fixes and enhancements over the previous version, including: * The number of dictionaries have been updated. * This update implements several Extensible Authentication Protocol (EAP) improvements. * A number of new expansions have been added, including: %{randstr:...}, %{hex:...}, %{sha1:...}, %{base64:...}, %{tobase64:...}, and %{base64tohex:...}. * Hexadecimal numbers (0x...) are now supported in %{expr:...} expansions. * This update adds operator support to the rlm_python module. * The Dynamic Host Configuration Protocol (DHCP) and DHCP relay code have been finalized. * This update adds the rlm_cache module to cache arbitrary attributes. For a complete list of bug fixes and enhancements provided by this rebase, see the freeradius changelog linked to in the References section. (BZ#1078736) This update also fixes the following bugs: * The /var/log/radius/radutmp file was configured to rotate at one-month intervals, even though this was unnecessary. This update removes /var/log/radius/radutmp from the installed logrotate utility configuration in the /etc/logrotate.d/radiusd file, and /var/log/radius/radutmp is no longer rotated. (BZ#904578) * The radiusd service could not write the output file created by the raddebug utility. The raddebug utility now sets appropriate ownership to the output file, allowing radiusd to write the output. (BZ#921563) * After starting raddebug using the 'raddebug -t 0' command, raddebug exited immediately. A typo in the special case comparison has been fixed, and raddebug now runs for 11.5 days in this situation. (BZ#921567) * MS-CHAP authentication failed when the User-Name and MS-CHAP-User-Name attributes used different encodings, even when the user provided correct credentials. Now, MS-CHAP authentication properly handles mismatching character encodings. Authentication with correct credentials no longer fails in this situation. (BZ#1060319) * Automatically generated default certificates used the SHA-1 algorithm message digest, which is considered insecu ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: freeradius on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2015 BugTraq ID: 65581 http://www.securityfocus.com/bid/65581 http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html http://www.openwall.com/lists/oss-security/2014/02/18/3 RedHat Security Advisories: RHSA-2015:1287 http://rhn.redhat.com/errata/RHSA-2015-1287.html http://ubuntu.com/usn/usn-2122-1
Copyright	Copyright (C) 2015 Greenbone AG