Oracle Linux: CVE-2019-11235: ELSA-2019-1142: freeradius:3.0 security update (IMPORTANT) (Multiple Advisories)
Description
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and integrity.
Solution(s)
- oracle-linux-upgrade-freeradius
- oracle-linux-upgrade-freeradius-devel
- oracle-linux-upgrade-freeradius-doc
- oracle-linux-upgrade-freeradius-krb5
- oracle-linux-upgrade-freeradius-ldap
- oracle-linux-upgrade-freeradius-mysql
- oracle-linux-upgrade-freeradius-perl
- oracle-linux-upgrade-freeradius-postgresql
- oracle-linux-upgrade-freeradius-python
- oracle-linux-upgrade-freeradius-rest
- oracle-linux-upgrade-freeradius-sqlite
- oracle-linux-upgrade-freeradius-unixodbc
- oracle-linux-upgrade-freeradius-utils
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center