diff --git a/backport-CVE-2019-13456.patch b/backport-CVE-2019-13456.patch new file mode 100644 index 0000000..0cd5873 --- /dev/null +++ b/backport-CVE-2019-13456.patch @@ -0,0 +1,38 @@ +From 3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Wed, 5 Jun 2019 19:21:06 +0000 +Subject: [PATCH] EAP-pwd: fix side-channel leak where 1 in 2018 handshakes + fail + +Previously the Hunting and Pecking algorithm of EAP-pwd aborted when +more than 10 iterations are needed. Every iteration has a 50% chance +of finding the password element. This means one in every 2048 handshakes +will fail, in which case an error frame is sent to the client. This +event leaks information that can be abused in an offline password +brute-force attack. More precisely, the adversary learns that all 10 +iterations failed for the given random EAP-pwd token. Using the same +techniques as in the Dragonblood attack, this can be used to brute-force +the password. + +This patch fixes the above issue by executing enough iterations such that +the password element is always found eventually. + +Note that timing and cache leaks remain a risk against the current +implementation of EAP-pwd. +--- + src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c +index c54f08c0308..d94851c3aa0 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c ++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c +@@ -192,7 +192,7 @@ int compute_password_element (pwd_session_t *session, uint16_t grp_num, + } + ctr = 0; + while (1) { +- if (ctr > 10) { ++ if (ctr > 100) { + DEBUG("unable to find random point on curve for group %d, something's fishy", grp_num); + goto fail; + } diff --git a/freeradius.spec b/freeradius.spec index 224c87f..2279c95 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -4,7 +4,7 @@ Name: freeradius Version: 3.0.15 -Release: 20 +Release: 21 Summary: Remote Authentication Dial-In User Service License: GPLv2+ and LGPLv2+ @@ -20,6 +20,7 @@ Patch6000: CVE-2019-11234_1.patch Patch6001: CVE-2019-11234_2.patch Patch6002: CVE-2019-10143.patch Patch6003: remove-unused-arguement.patch +Patch6004: backport-CVE-2019-13456.patch BuildRequires: autoconf gdbm-devel openssl openssl-devel pam-devel zlib-devel net-snmp-devel BuildRequires: net-snmp-utils readline-devel libpcap-devel systemd-units libtalloc-devel @@ -435,6 +436,12 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ldap %changelog +* Thu Jan 14 2021 xihaochen - 3.0.15-21 +- Type: CVE +- CVE: CVE-2019-13456 +- SUG: NA +- DESC: fix CVE-2019-13456 + * Fri Dec 25 2020 sunguoshuai - 3.0.15-20 - Remove unused arguement