Vulnerability CVE-2019-11235


Published: 2019-04-22

Description:
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

Type: CWE-345 (Insufficient Verification of Data Authenticity)

Vendor: Red Hat
Product: Enterprise Linux Server TUS
Version: 7.6
Product: Enterprise Linux EUS
Version: 7.6
Product: Enterprise Linux Server AUS
Version: 7.6
Product: Enterprise Linux
Version: 7.0
Product: Enterprise Linux Workstation
Version: 7.0
Product: Enterprise Linux Server
Version: 7.0
Vendor: FreeRADIUS
Product: FreeRADIUS
Version:
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.18
3.0.17
3.0.16
3.0.15
2.2.10
2.2.0
2.1.9
2.1.8
2.1.7
2.1.6
2.1.4
2.1.3
2.1.2
2.1.12
2.1.11
2.1.10
2.1.1
2.1.0
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0
1.1.8
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.1
0.8
0.7.1
0.7
0.6
0.5
0.4
0.3
0.2
0.1
Vendor: Canonical
Product: Ubuntu Linux
Version:
19.04
18.10
18.04
Vendor: openSUSE
Product: Leap
Version: 15.0
Vendor: Fedoraproject
Product: Fedora 

CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html
https://access.redhat.com/errata/RHSA-2019:1131
https://access.redhat.com/errata/RHSA-2019:1142
https://bugzilla.redhat.com/show_bug.cgi?id=1695748
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
https://freeradius.org/security/
https://papers.mathyvanhoef.com/dragonblood.pdf
https://usn.ubuntu.com/3954-1/
https://www.kb.cert.org/vuls/id/871675/


Copyright 2019, cxsecurity.com

 
