Hi, I've gained access to the FreeRADIUS salsa repo and have pushed a new debian/stretch branch containing last year's security upload and the cherry-picked fixes for #926958.
It applies and builds cleanly; I'm currently waiting for a colleague who runs our Radius proxies to test it. debdiff attached. Best Regards, Bernhard
diff -Nru freeradius-3.0.12+dfsg/debian/changelog freeradius-3.0.12+dfsg/debian/changelog
--- freeradius-3.0.12+dfsg/debian/changelog 2017-08-10 09:05:06.000000000 +0200
+++ freeradius-3.0.12+dfsg/debian/changelog 2019-04-24 17:25:10.000000000 +0200
@@ -1,3 +1,13 @@
+freeradius (3.0.12+dfsg-5+deb9u2) stretch-security; urgency=high
+
+ * Non-maintainer upload (security bugfix)
+ * Cherry-Pick upstream commits to fix CVE-2019-11234 / CVE-2019-11235 /
+ VU#871675 (Invalid Curve Attack and Reflection Attack on EAP-PWD, leading
+ to authentication bypass) (Closes: #926958)
+ * d/gbp.conf: set debian-branch for Stretch
+
+ -- Bernhard Schmidt <be...@debian.org> Wed, 24 Apr 2019 17:25:10 +0200
+
 freeradius (3.0.12+dfsg-5+deb9u1) stretch-security; urgency=high
 
 * Apply upstream patches:
diff -Nru freeradius-3.0.12+dfsg/debian/gbp.conf freeradius-3.0.12+dfsg/debian/gbp.conf
--- freeradius-3.0.12+dfsg/debian/gbp.conf 2017-05-30 17:18:34.000000000 +0200
+++ freeradius-3.0.12+dfsg/debian/gbp.conf 2019-04-24 17:25:10.000000000 +0200
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar=True
+debian-branch=debian/stretch
diff -Nru freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-1.patch freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-1.patch
--- freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-1.patch 1970-01-01 01:00:00.000000000 +0100
+++ freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-1.patch 2019-04-24 17:25:10.000000000 +0200
@@ -0,0 +1,59 @@
+From 85497b5ff37ccb656895b826b88585898c209586 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <mathy.vanh...@nyu.edu>
+Date: Tue, 9 Apr 2019 15:17:19 -0400
+Subject: [PATCH] When processing an EAP-pwd Commit frame, the peer's scalar
+ and elliptic curve point were not validated. This allowed an adversary to
+ bypass authentication, and impersonate any user.
+
+Fix this vulnerability by assuring the received scalar lies within the valid
+range, and by checking that the received element is not the point at infinity
+and lies on the elliptic curve being used.
+---
+ .../rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 22 +++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
+index 7f91e4b230..848ca2055e 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
+@@ -373,11 +373,26 @@ int process_peer_commit (pwd_session_t *session, uint8_t *in, size_t in_len, BN_
+ data_len = BN_num_bytes(session->order);
+ BN_bin2bn(ptr, data_len, session->peer_scalar);
+
++ /* validate received scalar */
++ if (BN_is_zero(session->peer_scalar) ||
++ BN_is_one(session->peer_scalar) ||
++ BN_cmp(session->peer_scalar, session->order) >= 0) {
++ ERROR("Peer's scalar is not within the allowed range");
++ goto finish;
++ }
++
+ if (!EC_POINT_set_affine_coordinates_GFp(session->group, session->peer_element, x, y, bnctx)) {
+ DEBUG2("pwd: unable to get coordinates of peer's element");
+ goto finish;
+ }
+
++ /* validate received element */
++ if (!EC_POINT_is_on_curve(session->group, session->peer_element, bn_ctx) ||
++ EC_POINT_is_at_infinity(session->group, session->peer_element)) {
++ ERROR("Peer's element is not a point on the elliptic curve");
++ goto finish;
++ }
++
+ /* check to ensure peer's element is not in a small sub-group */
+ if (BN_cmp(cofactor, BN_value_one())) {
+ if (!EC_POINT_mul(session->group, point, NULL, session->peer_element, cofactor, NULL)) {
+@@ -391,6 +406,13 @@ int process_peer_commit (pwd_session_t *session, uint8_t *in, size_t in_len, BN_
+ }
+ }
+
++ /* detect reflection attacks */
++ if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 ||
++ EC_POINT_cmp(session->group, session->peer_element, session->my_element, bn_ctx) == 0) {
++ ERROR("Reflection attack detected");
++ goto finish;
++ }
++
+ /* compute the shared key, k */
+ if ((!EC_POINT_mul(session->group, K, NULL, session->pwe, session->peer_scalar, bnctx)) ||
+ (!EC_POINT_add(session->group, K, K, session->peer_element, bnctx)) ||
diff -Nru freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-2.patch freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-2.patch
--- freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-2.patch 1970-01-01 01:00:00.000000000 +0100
+++ freeradius-3.0.12+dfsg/debian/patches/CVE-2019-11234-2.patch 2019-04-24 17:25:10.000000000 +0200
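Review bot: In the `validate received element` block of the new CVE-2019-11234-1.patch, `!EC_POINT_is_on_curve(...)` does not reject on error: OpenSSL's EC_POINT_is_on_curve() returns 1 when the point is on the curve, 0 when it is not and -1 on failure, and `!(-1)` is false, so a failed on-curve check falls through to the at-infinity test alone. Comparing against the success value fails closed: `if (EC_POINT_is_on_curve(session->group, session->peer_element, bnctx) != 1 ||` (using the BN_CTX name the second patch settles on). The same pattern appears in the reflection check, where `EC_POINT_cmp(...) == 0` treats a -1 error return as "not equal" and lets the commit through; `!= 1` would reject on error as well as on equality. Both conditions mirror the upstream commit as cherry-picked, so the tightening belongs upstream rather than as a Debian-only delta; process_peer_commit itself starts and ends outside this hunk.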
@@ -0,0 +1,31 @@
+From ab4c767099f263a7cd4109bcdca80ee74210a769 Mon Sep 17 00:00:00 2001
+From: Matthew Newton <matthew-...@newtoncomputing.co.uk>
+Date: Wed, 10 Apr 2019 10:11:23 +0100
+Subject: [PATCH] fix incorrectly named variable
+
+---
+ src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
+index 848ca2055e..c54f08c030 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
+@@ -387,7 +387,7 @@ int process_peer_commit (pwd_session_t *session, uint8_t *in, size_t in_len, BN_
+ }
+
+ /* validate received element */
+- if (!EC_POINT_is_on_curve(session->group, session->peer_element, bn_ctx) ||
++ if (!EC_POINT_is_on_curve(session->group, session->peer_element, bnctx) ||
+ EC_POINT_is_at_infinity(session->group, session->peer_element)) {
+ ERROR("Peer's element is not a point on the elliptic curve");
+ goto finish;
+@@ -408,7 +408,7 @@ int process_peer_commit (pwd_session_t *session, uint8_t *in, size_t in_len, BN_
+
+ /* detect reflection attacks */
+ if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 ||
+- EC_POINT_cmp(session->group, session->peer_element, session->my_element, bn_ctx) == 0) {
++ EC_POINT_cmp(session->group, session->peer_element, session->my_element, bnctx) == 0) {
+ ERROR("Reflection attack detected");
+ goto finish;
+ }
diff -Nru freeradius-3.0.12+dfsg/debian/patches/series freeradius-3.0.12+dfsg/debian/patches/series
--- freeradius-3.0.12+dfsg/debian/patches/series 2017-07-31 13:06:26.000000000 +0200
+++ freeradius-3.0.12+dfsg/debian/patches/series 2019-04-24 17:25:10.000000000 +0200
@@ -19,3 +19,5 @@
 fr-gv-303.patch
 fr-gv-304.patch
 fr-gv-305.patch
+CVE-2019-11234-1.patch
+CVE-2019-11234-2.patch