Vulnerabilities > CVE-2019-13456 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
low complexity
freeradius
redhat
opensuse
CWE-203
nessus
NVD
Published: 2019-12-03
Updated: 2022-01-01

Summary

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

Vulnerable Configurations

Part Description Count
Application
Freeradius
31
OS
Linux
1
OS
Redhat
2
OS
Opensuse
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-CA0F5E835D.NASL
    descriptionSecurity fix for CVE-2019-13456 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131459
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131459
    titleFedora 31 : freeradius (2019-ca0f5e835d)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-ca0f5e835d.
#

include("compat.inc");

if (description)
{
  script_id(131459);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/17");

  script_cve_id("CVE-2019-13456");
  script_xref(name:"FEDORA", value:"2019-ca0f5e835d");

  script_name(english:"Fedora 31 : freeradius (2019-ca0f5e835d)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security fix for CVE-2019-13456

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca0f5e835d"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected freeradius package."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13456");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:freeradius");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC31", reference:"freeradius-3.0.20-1.fc31")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-1018-1.NASL
    descriptionThis update for freeradius-server fixes the following issues : CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Fixed an issue in TLS-EAP where the OCSP verification, when an intermediate client certificate was not explicitly trusted (bsc#1146848). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-20
    plugin id135751
    published2020-04-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135751
    titleSUSE SLES12 Security Update : freeradius-server (SUSE-SU-2020:1018-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:1018-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(135751);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id("CVE-2019-13456", "CVE-2019-17185");

  script_name(english:"SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2020:1018-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for freeradius-server fixes the following issues :

CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd
(bsc#1144524).

CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX
access (bsc#1166847).

Fixed an issue in TLS-EAP where the OCSP verification, when an
intermediate client certificate was not explicitly trusted
(bsc#1146848).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1166847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-13456/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-17185/"
  );
  # https://www.suse.com/support/update/announcement/2020/suse-su-20201018-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6928c583"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
SUSE-OpenStack-Cloud-Crowbar-8-2020-1018=1

SUSE OpenStack Cloud 8:zypper in -t patch
SUSE-OpenStack-Cloud-8-2020-1018=1

SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2020-1018=1

SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
SUSE-SLE-SAP-12-SP3-2020-1018=1

SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2020-1018=1

SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2020-1018=1

SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-BCL-2020-1018=1

SUSE Enterprise Storage 5:zypper in -t patch
SUSE-Storage-5-2020-1018=1

HPE Helion Openstack 8:zypper in -t patch
HPE-Helion-OpenStack-8-2020-1018=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13456");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-perl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3/4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-debugsource-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-doc-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-krb5-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-krb5-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-ldap-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-ldap-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-libs-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-libs-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-mysql-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-mysql-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-perl-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-perl-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-postgresql-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-postgresql-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-python-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-python-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-sqlite-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-sqlite-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-utils-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"freeradius-server-utils-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-debugsource-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-doc-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-krb5-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-krb5-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-ldap-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-ldap-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-libs-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-libs-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-mysql-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-mysql-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-perl-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-perl-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-postgresql-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-postgresql-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-python-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-python-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-sqlite-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-sqlite-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-utils-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"freeradius-server-utils-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-debugsource-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-doc-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-krb5-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-krb5-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-ldap-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-ldap-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-libs-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-libs-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-mysql-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-mysql-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-perl-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-perl-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-postgresql-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-postgresql-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-python-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-python-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-sqlite-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-sqlite-debuginfo-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-utils-3.0.15-2.14.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"freeradius-server-utils-debuginfo-3.0.15-2.14.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius-server");
}
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1005.NASL
    descriptionAccording to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the
    last seen2020-05-03
    modified2020-01-02
    plugin id132598
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132598
    titleEulerOS 2.0 SP8 : freeradius (EulerOS-SA-2020-1005)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(132598);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");

  script_cve_id(
    "CVE-2019-13456"
  );

  script_name(english:"EulerOS 2.0 SP8 : freeradius (EulerOS-SA-2020-1005)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the freeradius package installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :

  - In FreeRADIUS 3.0 through 3.0.19, on average 1 in every
    2048 EAP-pwd handshakes fails because the password
    element cannot be found within 10 iterations of the
    hunting and pecking loop. This leaks information that
    an attacker can use to recover the password of any
    user. This information leakage is similar to the
    'Dragonblood' attack and CVE-2019-9494.(CVE-2019-13456)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1005
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8029d28b");
  script_set_attribute(attribute:"solution", value:
"Update the affected freeradius package.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:freeradius");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["freeradius-3.0.15-14.h3.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-1023-1.NASL
    descriptionThis update for freeradius-server fixes the following issues : CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Fixed an issue in TLS-EAP where the OCSP verification, when an intermediate client certificate was not explicitly trusted (bsc#1146848). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-20
    plugin id135754
    published2020-04-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135754
    titleSUSE SLED15 / SLES15 Security Update : freeradius-server (SUSE-SU-2020:1023-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:1023-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(135754);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id("CVE-2019-13456", "CVE-2019-17185");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : freeradius-server (SUSE-SU-2020:1023-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for freeradius-server fixes the following issues :

CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd
(bsc#1144524).

CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX
access (bsc#1166847).

Fixed an issue in TLS-EAP where the OCSP verification, when an
intermediate client certificate was not explicitly trusted
(bsc#1146848).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1166847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-13456/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-17185/"
  );
  # https://www.suse.com/support/update/announcement/2020/suse-su-20201023-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dbbe965a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 15:zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-2020-1023=1

SUSE Linux Enterprise Server 15-LTSS:zypper in -t patch
SUSE-SLE-Product-SLES-15-2020-1023=1

SUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in
-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1023=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1023=1

SUSE Linux Enterprise High Performance Computing 15-LTSS:zypper in -t
patch SUSE-SLE-Product-HPC-15-2020-1023=1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:zypper in -t
patch SUSE-SLE-Product-HPC-15-2020-1023=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13456");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-perl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-debugsource-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-devel-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-krb5-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-krb5-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-ldap-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-ldap-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-libs-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-libs-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-mysql-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-mysql-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-perl-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-perl-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-postgresql-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-postgresql-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-python-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-python-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-sqlite-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-sqlite-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-utils-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-utils-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-debugsource-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"freeradius-server-doc-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-debugsource-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-devel-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-krb5-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-krb5-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-ldap-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-ldap-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-libs-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-libs-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-mysql-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-mysql-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-perl-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-perl-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-postgresql-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-postgresql-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-python-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-python-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-sqlite-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-sqlite-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-utils-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"freeradius-server-utils-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"freeradius-server-debuginfo-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"freeradius-server-debugsource-3.0.16-3.6.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"freeradius-server-doc-3.0.16-3.6.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius-server");
}
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1672.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1672 advisory. - freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-28
    plugin id136048
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136048
    titleRHEL 8 : freeradius:3.0 (RHSA-2020:1672)
    code
    #
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:1672. The text
# itself is copyright (C) Red Hat, Inc.
#


include('compat.inc');

if (description)
{
  script_id(136048);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");

  script_cve_id("CVE-2019-13456");
  script_xref(name:"RHSA", value:"2020:1672");

  script_name(english:"RHEL 8 : freeradius:3.0 (RHSA-2020:1672)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
the RHSA-2020:1672 advisory.

  - freeradius: eap-pwd: Information leak due to aborting
    when needing more than 10 iterations (CVE-2019-13456)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1672");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13456");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1737663");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13456");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(200);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-rest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-unixODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius-utils");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

module_ver = get_kb_item('Host/RedHat/appstream/freeradius');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module freeradius:3.0');
if ('3.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module freeradius:' + module_ver);

appstreams = {
    'freeradius:3.0': [
      {'reference':'freeradius-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-debugsource-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-debugsource-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-debugsource-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-devel-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-devel-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-devel-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-doc-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-doc-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-doc-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-krb5-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-krb5-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-krb5-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-ldap-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-ldap-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-ldap-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-mysql-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-mysql-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-mysql-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-perl-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-perl-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-perl-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-postgresql-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-postgresql-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-postgresql-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-rest-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-rest-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-rest-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-sqlite-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-sqlite-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-sqlite-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-unixODBC-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-unixODBC-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-unixODBC-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'freeradius-utils-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'freeradius-utils-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'s390x', 'release':'8'},
      {'reference':'freeradius-utils-3.0.17-7.module+el8.2.0+4847+336970e8', 'cpu':'x86_64', 'release':'8'}
    ],
};

flag = 0;
appstreams_found = 0;
foreach module (keys(appstreams)) {
  appstream = NULL;
  appstream_name = NULL;
  appstream_version = NULL;
  appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach package_array ( appstreams[module] ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module freeradius:3.0');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freeradius / freeradius-debugsource / freeradius-devel / etc');
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-1020-1.NASL
    descriptionThis update for freeradius-server fixes the following issues : CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-20
    plugin id135752
    published2020-04-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135752
    titleSUSE SLES12 Security Update : freeradius-server (SUSE-SU-2020:1020-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:1020-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(135752);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id("CVE-2019-13456", "CVE-2019-17185");

  script_name(english:"SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2020:1020-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for freeradius-server fixes the following issues :

CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd
(bsc#1144524).

CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX
access (bsc#1166847).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1166847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-13456/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-17185/"
  );
  # https://www.suse.com/support/update/announcement/2020/suse-su-20201020-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a1a3a05d"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t
patch SUSE-SLE-SDK-12-SP5-2020-1020=1

SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
SUSE-SLE-SERVER-12-SP5-2020-1020=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13456");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-perl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:freeradius-server-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-debugsource-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-doc-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-krb5-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-krb5-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-ldap-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-ldap-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-libs-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-libs-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-mysql-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-mysql-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-perl-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-perl-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-postgresql-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-postgresql-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-python-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-python-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-sqlite-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-sqlite-debuginfo-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-utils-3.0.19-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"freeradius-server-utils-debuginfo-3.0.19-3.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius-server");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-553.NASL
    descriptionThis update for freeradius-server fixes the following issues : - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). - Fixed an issue in TLS-EAP where the OCSP verification, when an intermediate client certificate was not explicitly trusted (bsc#1146848). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-05-03
    modified2020-04-27
    plugin id136010
    published2020-04-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136010
    titleopenSUSE Security Update : freeradius-server (openSUSE-2020-553)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-17ED521527.NASL
    descriptionSecurity fix for CVE-2019-13456 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131442
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131442
    titleFedora 30 : freeradius (2019-17ed521527)

Redhat

advisories
bugzilla
id1737663
titleCVE-2019-13456 freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • commentModule freeradius:3.0 is enabled
      ovaloval:com.redhat.rhsa:tst:20191142027
    • OR
      • AND
        • commentfreeradius-utils is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672001
        • commentfreeradius-utils is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881004
      • AND
        • commentfreeradius-unixODBC is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672003
        • commentfreeradius-unixODBC is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881006
      • AND
        • commentfreeradius-sqlite is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672005
        • commentfreeradius-sqlite is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20171581018
      • AND
        • commentfreeradius-rest is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672007
        • commentfreeradius-rest is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20191142008
      • AND
        • commentfreeradius-postgresql is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672009
        • commentfreeradius-postgresql is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881008
      • AND
        • commentfreeradius-perl is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672011
        • commentfreeradius-perl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881002
      • AND
        • commentfreeradius-mysql is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672013
        • commentfreeradius-mysql is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881016
      • AND
        • commentfreeradius-ldap is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672015
        • commentfreeradius-ldap is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881014
      • AND
        • commentfreeradius-krb5 is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672017
        • commentfreeradius-krb5 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881010
      • AND
        • commentfreeradius-doc is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672019
        • commentfreeradius-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20171581022
      • AND
        • commentfreeradius-devel is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672021
        • commentfreeradius-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20171581006
      • AND
        • commentfreeradius-debugsource is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672023
        • commentfreeradius-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20191142024
      • AND
        • commentfreeradius is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          ovaloval:com.redhat.rhsa:tst:20201672025
        • commentfreeradius is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20120881018
rhsa
idRHSA-2020:1672
released2020-04-28
severityModerate
titleRHSA-2020:1672: freeradius:3.0 security update (Moderate)
rpms
  • freeradius-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-debugsource-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-devel-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-doc-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-krb5-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-krb5-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-ldap-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-ldap-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-mysql-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-mysql-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-perl-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-perl-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-postgresql-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-postgresql-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-rest-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-rest-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-sqlite-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-sqlite-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-unixODBC-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-unixODBC-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-utils-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-utils-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8

The Hacker News

idTHN:095E73BF928FB6C5EB72791F3C98BD34
last seen2019-08-03
modified2019-08-03
published2019-08-03
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/08/hack-wpa3-wifi-password.html
titleResearchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

References