Lucene search
RedHatRHSA-2017:1581HistoryJun 28, 2017 - 3:55 a.m.
(RHSA-2017:1581) Important: freeradius security update
2017-06-2803:55:49
access.redhat.com
34
0.007 Low
EPSS
Percentile
80.3%
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
Security Fix(es):
- An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. (CVE-2017-9148)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | freeradius-devel | < 3.0.4-8.el7_3 | freeradius-devel-3.0.4-8.el7_3.x86_64.rpm |
| RedHat | 7 | x86_64 | freeradius-doc | < 3.0.4-8.el7_3 | freeradius-doc-3.0.4-8.el7_3.x86_64.rpm |
| RedHat | 7 | ppc64 | freeradius-ldap | < 3.0.4-8.el7_3 | freeradius-ldap-3.0.4-8.el7_3.ppc64.rpm |
| RedHat | 7 | ppc64 | freeradius-unixodbc | < 3.0.4-8.el7_3 | freeradius-unixODBC-3.0.4-8.el7_3.ppc64.rpm |
| RedHat | 7 | x86_64 | freeradius-sqlite | < 3.0.4-8.el7_3 | freeradius-sqlite-3.0.4-8.el7_3.x86_64.rpm |
| RedHat | 7 | s390 | freeradius-debuginfo | < 3.0.4-8.el7_3 | freeradius-debuginfo-3.0.4-8.el7_3.s390.rpm |
| RedHat | 7 | ppc64le | freeradius-doc | < 3.0.4-8.el7_3 | freeradius-doc-3.0.4-8.el7_3.ppc64le.rpm |
| RedHat | 7 | ppc | freeradius-devel | < 3.0.4-8.el7_3 | freeradius-devel-3.0.4-8.el7_3.ppc.rpm |
| RedHat | 7 | ppc64le | freeradius-sqlite | < 3.0.4-8.el7_3 | freeradius-sqlite-3.0.4-8.el7_3.ppc64le.rpm |
| RedHat | 7 | x86_64 | freeradius-ldap | < 3.0.4-8.el7_3 | freeradius-ldap-3.0.4-8.el7_3.x86_64.rpm |
Related
prion
prion
Authentication flaw
2017-05-29 17:29:00
myhack58
myhack58
debiancve
debiancve
CVE-2017-9148
2017-05-29 17:29:00
nessus
nessus
FreeBSD : FreeRADIUS -- TLS resumption authentication bypass (673dce46-46d0-11e7-a539-0050569f7e80)
2017-06-02 00:00:00
Ubuntu 17.04 : freeradius vulnerability (USN-3316-1)
2017-06-08 00:00:00
Fedora 25 : freeradius (2017-e698bba980)
2017-06-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2017-1135)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3316-1)
2017-06-08 00:00:00
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2017-1134)
2020-01-23 00:00:00
archlinux
archlinux
[ASA-201706-2] freeradius: authentication bypass
2017-06-02 00:00:00
centos
centos
freeradius security update
2017-06-29 17:08:45
freebsd
freebsd
FreeRADIUS -- TLS resumption authentication bypass
2017-02-03 00:00:00
gentoo
gentoo
FreeRADIUS: Security bypass
2017-06-27 00:00:00
ubuntu
ubuntu
FreeRADIUS vulnerability
2017-06-07 00:00:00
ubuntucve
ubuntucve
CVE-2017-9148
2017-05-29 00:00:00
cvelist
cvelist
CVE-2017-9148
2017-05-29 17:00:00
veracode
veracode
Authentication Bypass
2020-12-06 03:20:56
osv
osv
CVE-2017-9148
2017-05-29 17:29:00
freeradius - security update
2017-06-05 00:00:00
nvd
nvd
CVE-2017-9148
2017-05-29 17:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: freeradius-3.0.14-1.fc25
2017-06-09 11:31:22
[SECURITY] Fedora 26 Update: freeradius-3.0.14-1.fc26
2017-06-09 20:18:57
cve
cve
CVE-2017-9148
2017-05-29 17:29:00
oraclelinux
oraclelinux
freeradius security update
2017-06-28 00:00:00
redhatcve
redhatcve
CVE-2017-9148
2017-05-30 08:20:48
threatpost
threatpost
FreeRADIUS Update Resolves Authentication Bypass
2017-05-30 14:39:55
debian
debian
[SECURITY] [DLA 977-1] freeradius security update
2017-06-05 16:33:27