RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | freeradius-0:3.0.20-1.el7_9.1 | * |
Red Hat Enterprise Linux 8 | RedHat | freeradius:3.0-8100020230904084920.69ef70f8 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | freeradius:3.0-8020020240726095340.ce27ea5e | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | freeradius:3.0-8040020240719063921.9ab73fbf | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | freeradius:3.0-8040020240719063921.9ab73fbf | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | freeradius:3.0-8040020240719063921.9ab73fbf | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | freeradius:3.0-8060020240719034751.830b6f11 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | freeradius:3.0-8060020240719034751.830b6f11 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | freeradius:3.0-8060020240719034751.830b6f11 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | freeradius:3.0-8080020240719112231.b012cf7d | * |
Red Hat Enterprise Linux 9 | RedHat | freeradius-0:3.0.21-40.el9_4 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | freeradius-0:3.0.21-26.el9_0.1 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | freeradius-0:3.0.21-38.el9_2.2 | * |
Freeradius | Ubuntu | esm-infra/bionic | * |
Freeradius | Ubuntu | esm-infra/xenial | * |
Freeradius | Ubuntu | focal | * |
Freeradius | Ubuntu | jammy | * |
Freeradius | Ubuntu | mantic | * |
Freeradius | Ubuntu | noble | * |
Freeradius | Ubuntu | upstream | * |