Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2024-3596

Published: Jul 09, 2024 | Modified: Jul 23, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
9 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-3596
CWEhttps://cwe.mitre.org/data/definitions/.html

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Affected Software

Name Vendor Start Version End Version
Red Hat Enterprise Linux 7 Extended Lifecycle Support RedHat freeradius-0:3.0.20-1.el7_9.1 *
Red Hat Enterprise Linux 7 Extended Lifecycle Support RedHat krb5-0:1.15.1-55.el7_9.3 *
Red Hat Enterprise Linux 8 RedHat freeradius:3.0-8100020230904084920.69ef70f8 *
Red Hat Enterprise Linux 8 RedHat krb5-0:1.18.2-30.el8_10 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat freeradius:3.0-8020020240726095340.ce27ea5e *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat krb5-0:1.17-19.el8_2.2 *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat freeradius:3.0-8040020240719063921.9ab73fbf *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat krb5-0:1.18.2-9.el8_4.2 *
Red Hat Enterprise Linux 8.4 Telecommunications Update Service RedHat freeradius:3.0-8040020240719063921.9ab73fbf *
Red Hat Enterprise Linux 8.4 Telecommunications Update Service RedHat krb5-0:1.18.2-9.el8_4.2 *
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions RedHat freeradius:3.0-8040020240719063921.9ab73fbf *
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions RedHat krb5-0:1.18.2-9.el8_4.2 *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support RedHat freeradius:3.0-8060020240719034751.830b6f11 *
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support RedHat krb5-0:1.18.2-16.el8_6.2 *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service RedHat freeradius:3.0-8060020240719034751.830b6f11 *
Red Hat Enterprise Linux 8.6 Telecommunications Update Service RedHat krb5-0:1.18.2-16.el8_6.2 *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions RedHat freeradius:3.0-8060020240719034751.830b6f11 *
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions RedHat krb5-0:1.18.2-16.el8_6.2 *
Red Hat Enterprise Linux 8.8 Extended Update Support RedHat freeradius:3.0-8080020240719112231.b012cf7d *
Red Hat Enterprise Linux 8.8 Extended Update Support RedHat krb5-0:1.18.2-26.el8_8.3 *
Red Hat Enterprise Linux 9 RedHat freeradius-0:3.0.21-40.el9_4 *
Red Hat Enterprise Linux 9 RedHat krb5-0:1.21.1-4.el9_5 *
Red Hat Enterprise Linux 9 RedHat krb5-0:1.21.1-4.el9_5 *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions RedHat freeradius-0:3.0.21-26.el9_0.1 *
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions RedHat krb5-0:1.19.1-16.el9_0.2 *
Red Hat Enterprise Linux 9.2 Extended Update Support RedHat freeradius-0:3.0.21-38.el9_2.2 *
Red Hat Enterprise Linux 9.2 Extended Update Support RedHat krb5-0:1.20.1-9.el9_2.2 *
Red Hat Enterprise Linux 9.4 Extended Update Support RedHat krb5-0:1.21.1-2.el9_4.1 *
Freeradius Ubuntu esm-infra/bionic *
Freeradius Ubuntu esm-infra/xenial *
Freeradius Ubuntu focal *
Freeradius Ubuntu jammy *
Freeradius Ubuntu mantic *
Freeradius Ubuntu noble *
Freeradius Ubuntu upstream *
Krb5 Ubuntu trusty/esm *
Libpam-radius-auth Ubuntu trusty/esm *
Libpam-radius-auth Ubuntu upstream *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use