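FreeRADIUS is a high-performance, highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
Security fix: An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handles TLS session resumption.
A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS
by resuming an older unauthenticated TLS session.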
=====================================================================
Red Hat Security Advisory
Synopsis: Important: freeradius security update
Advisory ID: RHSA-2017:1581-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1581
Issue date: 2017-06-28
CVE Names: CVE-2017-9148
=====================================================================
1. Summary:
An update for freeradius is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.
Security Fix(es):
* An authentication bypass flaw was found in the way the EAP module in
FreeRADIUS handled TLS session resumption. A remote unauthenticated
attacker could potentially use this flaw to bypass the inner authentication
check in FreeRADIUS by resuming an older unauthenticated TLS session.
(CVE-2017-9148)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1456697 - CVE-2017-9148 freeradius: TLS resumption authentication bypass
6. Package List:
Red Hat Enterprise Linux Server (v. 7):
Source:
freeradius-3.0.4-8.el7_3.src.rpm
aarch64:
freeradius-3.0.4-8.el7_3.aarch64.rpm
freeradius-debuginfo-3.0.4-8.el7_3.aarch64.rpm
ppc64:
freeradius-3.0.4-8.el7_3.ppc64.rpm
freeradius-debuginfo-3.0.4-8.el7_3.ppc64.rpm
ppc64le:
freeradius-3.0.4-8.el7_3.ppc64le.rpm
freeradius-debuginfo-3.0.4-8.el7_3.ppc64le.rpm
s390x:
freeradius-3.0.4-8.el7_3.s390x.rpm
freeradius-debuginfo-3.0.4-8.el7_3.s390x.rpm
x86_64:
freeradius-3.0.4-8.el7_3.x86_64.rpm
freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64:
freeradius-debuginfo-3.0.4-8.el7_3.aarch64.rpm
freeradius-devel-3.0.4-8.el7_3.aarch64.rpm
freeradius-doc-3.0.4-8.el7_3.aarch64.rpm
freeradius-krb5-3.0.4-8.el7_3.aarch64.rpm
freeradius-ldap-3.0.4-8.el7_3.aarch64.rpm
freeradius-mysql-3.0.4-8.el7_3.aarch64.rpm
freeradius-perl-3.0.4-8.el7_3.aarch64.rpm
freeradius-postgresql-3.0.4-8.el7_3.aarch64.rpm
freeradius-python-3.0.4-8.el7_3.aarch64.rpm
freeradius-sqlite-3.0.4-8.el7_3.aarch64.rpm
freeradius-unixODBC-3.0.4-8.el7_3.aarch64.rpm
freeradius-utils-3.0.4-8.el7_3.aarch64.rpm
ppc64:
freeradius-debuginfo-3.0.4-8.el7_3.ppc.rpm
freeradius-debuginfo-3.0.4-8.el7_3.ppc64.rpm
freeradius-devel-3.0.4-8.el7_3.ppc.rpm
freeradius-devel-3.0.4-8.el7_3.ppc64.rpm
freeradius-doc-3.0.4-8.el7_3.ppc64.rpm
freeradius-krb5-3.0.4-8.el7_3.ppc64.rpm
freeradius-ldap-3.0.4-8.el7_3.ppc64.rpm
freeradius-mysql-3.0.4-8.el7_3.ppc64.rpm
freeradius-perl-3.0.4-8.el7_3.ppc64.rpm
freeradius-postgresql-3.0.4-8.el7_3.ppc64.rpm
freeradius-python-3.0.4-8.el7_3.ppc64.rpm
freeradius-sqlite-3.0.4-8.el7_3.ppc64.rpm
freeradius-unixODBC-3.0.4-8.el7_3.ppc64.rpm
freeradius-utils-3.0.4-8.el7_3.ppc64.rpm
ppc64le:
freeradius-debuginfo-3.0.4-8.el7_3.ppc64le.rpm
freeradius-devel-3.0.4-8.el7_3.ppc64le.rpm
freeradius-doc-3.0.4-8.el7_3.ppc64le.rpm
freeradius-krb5-3.0.4-8.el7_3.ppc64le.rpm
freeradius-ldap-3.0.4-8.el7_3.ppc64le.rpm
freeradius-mysql-3.0.4-8.el7_3.ppc64le.rpm
freeradius-perl-3.0.4-8.el7_3.ppc64le.rpm
freeradius-postgresql-3.0.4-8.el7_3.ppc64le.rpm
freeradius-python-3.0.4-8.el7_3.ppc64le.rpm
freeradius-sqlite-3.0.4-8.el7_3.ppc64le.rpm
freeradius-unixODBC-3.0.4-8.el7_3.ppc64le.rpm
freeradius-utils-3.0.4-8.el7_3.ppc64le.rpm
s390x:
freeradius-debuginfo-3.0.4-8.el7_3.s390.rpm
freeradius-debuginfo-3.0.4-8.el7_3.s390x.rpm
freeradius-devel-3.0.4-8.el7_3.s390.rpm
freeradius-devel-3.0.4-8.el7_3.s390x.rpm
freeradius-doc-3.0.4-8.el7_3.s390x.rpm
freeradius-krb5-3.0.4-8.el7_3.s390x.rpm
freeradius-ldap-3.0.4-8.el7_3.s390x.rpm
freeradius-mysql-3.0.4-8.el7_3.s390x.rpm
freeradius-perl-3.0.4-8.el7_3.s390x.rpm
freeradius-postgresql-3.0.4-8.el7_3.s390x.rpm
freeradius-python-3.0.4-8.el7_3.s390x.rpm
freeradius-sqlite-3.0.4-8.el7_3.s390x.rpm
freeradius-unixODBC-3.0.4-8.el7_3.s390x.rpm
freeradius-utils-3.0.4-8.el7_3.s390x.rpm
x86_64:
freeradius-debuginfo-3.0.4-8.el7_3.i686.rpm
freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm
freeradius-devel-3.0.4-8.el7_3.i686.rpm
freeradius-devel-3.0.4-8.el7_3.x86_64.rpm
freeradius-doc-3.0.4-8.el7_3.x86_64.rpm
freeradius-krb5-3.0.4-8.el7_3.x86_64.rpm
freeradius-ldap-3.0.4-8.el7_3.x86_64.rpm
freeradius-mysql-3.0.4-8.el7_3.x86_64.rpm
freeradius-perl-3.0.4-8.el7_3.x86_64.rpm
freeradius-postgresql-3.0.4-8.el7_3.x86_64.rpm
freeradius-python-3.0.4-8.el7_3.x86_64.rpm
freeradius-sqlite-3.0.4-8.el7_3.x86_64.rpm
freeradius-unixODBC-3.0.4-8.el7_3.x86_64.rpm
freeradius-utils-3.0.4-8.el7_3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
freeradius-3.0.4-8.el7_3.src.rpm
x86_64:
freeradius-3.0.4-8.el7_3.x86_64.rpm
freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
freeradius-debuginfo-3.0.4-8.el7_3.i686.rpm
freeradius-debuginfo-3.0.4-8.el7_3.x86_64.rpm
freeradius-devel-3.0.4-8.el7_3.i686.rpm
freeradius-devel-3.0.4-8.el7_3.x86_64.rpm
freeradius-doc-3.0.4-8.el7_3.x86_64.rpm
freeradius-krb5-3.0.4-8.el7_3.x86_64.rpm
freeradius-ldap-3.0.4-8.el7_3.x86_64.rpm
freeradius-mysql-3.0.4-8.el7_3.x86_64.rpm
freeradius-perl-3.0.4-8.el7_3.x86_64.rpm
freeradius-postgresql-3.0.4-8.el7_3.x86_64.rpm
freeradius-python-3.0.4-8.el7_3.x86_64.rpm
freeradius-sqlite-3.0.4-8.el7_3.x86_64.rpm
freeradius-unixODBC-3.0.4-8.el7_3.x86_64.rpm
freeradius-utils-3.0.4-8.el7_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2017-9148
https://access.redhat.com/security/updates/classification/#important
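
To confirm that the update has been applied across RHEL 7 hosts, the installed freeradius builds can be compared against the fixed build in the package list above (3.0.4-8.el7_3). The following is an added example, not part of the Red Hat advisory: it implements rpm-style version ordering (without `~`/`^` handling) and runs it over a constructed inventory; the host names, the inventory format and the function names are assumptions.

```python
import re

FIXED_EVR = "3.0.4-8.el7_3"   # fixed build from the package list above
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """rpm-style compare of one version or release string (no ~ or ^ support)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)                # "13" > "4", leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segment is newer

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(inventory):
    """Return (host, package, evr) for freeradius packages older than FIXED_EVR."""
    hits = []
    for line in inventory.strip().splitlines():
        host, name, evr = line.split()
        if name.startswith("freeradius") and evr_cmp(evr, FIXED_EVR) < 0:
            hits.append((host, name, evr))
    return hits

# Constructed sample inventory: "<host> <name> <version>-<release>" per line,
# e.g. collected per host with: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
radius01 freeradius 3.0.4-7.el7_3
radius02 freeradius 3.0.4-8.el7_3
radius03 freeradius-utils 3.0.4-6.el7
radius04 freeradius 3.0.13-8.el7_4
radius04 bash 4.2.46-21.el7_3
"""

if __name__ == "__main__":
    for hit in unpatched(SAMPLE):
        print("needs RHSA-2017:1581:", *hit)
```

The comparison is only meaningful for Red Hat Enterprise Linux 7 builds, the release this advisory covers.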