CVE-2024-3596

Name
CVE-2024-3596
Description
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://datatracker.ietf.org/doc/html/rfc2865
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
https://www.blastradius.fail/
http://www.openwall.com/lists/oss-security/2024/07/09/4
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
Third Party Advisory https://security.netapp.com/advisory/ntap-20240822-0001/
Third Party Advisory https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol

Match rules

CPE URI Source package Min version Max version
rfc == 2865 == 2865
cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:* freeradius >= None < 3.0.27

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freeradius edge-main 3.0.26-r9 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
freeradius edge-main 3.0.27-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
freeradius 3.21-main 3.0.27-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
freeradius 3.20-main 3.0.27-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
freeradius 3.19-main 3.0.27-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
freeradius 3.18-main 3.0.27-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed