CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Read the notes from the security team

Mitigation

Disable the use of RADIUS/UDP and RADIUS/TCP - instead RADIUS/TLS or RADIUS/DTLS should be used.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
freeradius	24.10 oracular	Not affected
	24.04 LTS noble	Fixed 3.2.5+dfsg-3~ubuntu24.04.1
	23.10 mantic	Ignored end of life, was needed
	22.04 LTS jammy	Fixed 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3
	20.04 LTS focal	Fixed 3.0.20+dfsg-3ubuntu0.4
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Vulnerable
krb5	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

Notes

alexmurray

RADIUS clients may also be affected

mdeslaur

This vulnerability is known as Blast-RADIUS Added krb5 to this CVE as libkrad in krb5 does not contain support for the Message-Authenticator, preventing this vulnerability from being addressed between libkrad and a radius server. See the following for more information: https://issues.redhat.com/browse/RHEL-55453 Note: libkrad0 binary package is in the universe pocket.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
freeradius	Upstream: https://github.com/FreeRADIUS/freeradius-server/commits/v3.0.x/?since=2024-07-09&until=2024-07-09 Upstream: https://github.com/FreeRADIUS/freeradius-server/commits/v3.2.x/?since=2024-07-09&until=2024-07-09 Upstream: 3a00a6e Upstream: 4da715d Upstream: 69765bb Upstream: 5e1a393 Upstream: bc4f0a7 Upstream: 33ae351 Upstream: 828341a Upstream: ea6bf44 Upstream: 0c101d6 Upstream: 836aeb9 Upstream: 099c416 Upstream: 9455341 Upstream: 43587a6 Upstream: 6451425 Upstream: 2817b85 Upstream: accb06a Upstream: 3f8da13 Upstream: bf190f9 Upstream: 0aada8c Upstream: a26afcf Upstream: 9518f2d Upstream: 55342c7 Upstream: da643f1

Package

Patch details

freeradius

Upstream: https://github.com/FreeRADIUS/freeradius-server/commits/v3.0.x/?since=2024-07-09&until=2024-07-09
Upstream: https://github.com/FreeRADIUS/freeradius-server/commits/v3.2.x/?since=2024-07-09&until=2024-07-09
Upstream: 3a00a6e
Upstream: 4da715d
Upstream: 69765bb
Upstream: 5e1a393
Upstream: bc4f0a7
Upstream: 33ae351
Upstream: 828341a
Upstream: ea6bf44
Upstream: 0c101d6
Upstream: 836aeb9
Upstream: 099c416
Upstream: 9455341
Upstream: 43587a6
Upstream: 6451425
Upstream: 2817b85
Upstream: accb06a
Upstream: 3f8da13
Upstream: bf190f9
Upstream: 0aada8c
Upstream: a26afcf
Upstream: 9518f2d
Upstream: 55342c7
Upstream: da643f1

Severity score breakdown

Parameter	Value
Base score	8.1 · High
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-7055-1
FreeRADIUS vulnerability
3 October 2024

Cvss 3 Severity Score

Mitigation

Status

Notes

alexmurray

mdeslaur

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references