ALT-BU-2025-9218-1
Branch c10f2 update bulletin.
Package freeradius updated to version 3.2.7-alt1 for branch c10f2 in task 389400.
Closed vulnerabilities
BDU:2024-05180
Уязвимость реализации протокола аутентификации RADIUS связана с обходом процедуры аутентификации посредством захвата-воспроизведения (capture-replay) перехваченных сообщений. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ путём подделки аутентификационного ответа
Modified: 2025-04-07
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Modified: 2025-04-07
CVE-2022-41861
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Modified: 2025-09-04
CVE-2024-3596
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
- http://www.openwall.com/lists/oss-security/2024/07/09/4
- https://cert-portal.siemens.com/productcert/html/ssa-723487.html
- https://cert-portal.siemens.com/productcert/html/ssa-794185.html
- https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
- https://datatracker.ietf.org/doc/html/rfc2865
- https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
- https://www.blastradius.fail/
- http://www.openwall.com/lists/oss-security/2024/07/09/4
- https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
- https://datatracker.ietf.org/doc/html/rfc2865
- https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
- https://security.netapp.com/advisory/ntap-20240822-0001/
- https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
- https://www.blastradius.fail/
Closed vulnerabilities
BDU:2021-01679
Уязвимость функции Parser_parseDocument() набора средств для UPnP устройств PUPnP, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-28302
A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.
Package libblockdev updated to version 3.3.1-alt1 for branch c10f2 in task 389500.
Closed vulnerabilities
BDU:2025-07084
Уязвимость библиотеки libblockdev, связанная с возможностью монтирования файловой системы и управлением накопителями в результате некорректного разграничения доступа при обращении к демону udisks, позволяющая нарушителю повысить свои привилегии до уровня root
Modified: 2025-07-10
CVE-2025-6019
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
- https://access.redhat.com/errata/RHSA-2025:10796
- https://access.redhat.com/errata/RHSA-2025:9320
- https://access.redhat.com/errata/RHSA-2025:9321
- https://access.redhat.com/errata/RHSA-2025:9322
- https://access.redhat.com/errata/RHSA-2025:9323
- https://access.redhat.com/errata/RHSA-2025:9324
- https://access.redhat.com/errata/RHSA-2025:9325
- https://access.redhat.com/errata/RHSA-2025:9326
- https://access.redhat.com/errata/RHSA-2025:9327
- https://access.redhat.com/errata/RHSA-2025:9328
- https://access.redhat.com/errata/RHSA-2025:9878
- https://access.redhat.com/security/cve/CVE-2025-6019
- https://bugzilla.redhat.com/show_bug.cgi?id=2370051
- https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
- http://www.openwall.com/lists/oss-security/2025/06/17/5
- http://www.openwall.com/lists/oss-security/2025/06/17/6
- http://www.openwall.com/lists/oss-security/2025/06/18/1
- https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html
- https://news.ycombinator.com/item?id=44325861
- https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/
Closed bugs
CVE-2025-6019