Mageia 2024-0264 Advisory: Freeradius Vulnerability and Privilege Escalation Risk
Summary
This vulnerability allows an attacker performing a meddler-in-the-middle
attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to
bypass authentication and escalate privileges to âsuperuserâ when RADIUS
authentication is in use and either CHAP or PAP is selected in the
RADIUS server profile.
CHAP and PAP are protocols with no Transport Layer Security (TLS), and
hence vulnerable to meddler-in-the-middle attacks. Neither protocol
should be used unless they are encapsulated by an encrypted tunnel. If
they are in use, but are encapsulated within a TLS tunnel, they are not
vulnerable to this attack.
For additional information regarding this vulnerability, please see
https://blastradius.fail.
Note: these two lines are added upstream in the default radiusd.conf
file:
"""
require_message_authenticator = auto
limit_proxy_state = auto
"""
References
- https://bugs.mageia.org/show_bug.cgi?id=33388
- https://www.freeradius.org/security/
- https://www.openwall.com/lists/oss-security/2024/07/09/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
Resolution
MGASA-2024-0264 - Updated freeradius packages fix security vulnerability
SRPMS
- 9/core/freeradius-3.0.27-1.mga9