The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker, who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | freeradius | <= 3.2.1+dfsg-4+deb12u1 | freeradius_3.2.1+dfsg-4+deb12u1_all.deb |
Debian | 11 | all | freeradius | <= 3.0.21+dfsg-2.2+deb11u1 | freeradius_3.0.21+dfsg-2.2+deb11u1_all.deb |
Debian | 999 | all | freeradius | < 3.2.5+dfsg-1 | freeradius_3.2.5+dfsg-1_all.deb |
Debian | 13 | all | freeradius | < 3.2.5+dfsg-1 | freeradius_3.2.5+dfsg-1_all.deb |