INFSA-2024:4936: freeradius:3.0 security update
Information about definition
Identificator: INFSA-2024:4936
Type: security
Release date: 2024-10-10 05:51:57 UTC
Information about package
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
Vulnerabilities description
- CVE-2024-3596
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-3596
|
no information | 9 | no information |
Updated packages