exploit the possibilities

FreeRADIUS Insufficient CRL Application

FreeRADIUS Insufficient CRL Application
Posted Jun 23, 2015
Authored by Andrea Barisani, Open Source CERT

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.

tags | advisory
advisories | CVE-2015-4680
MD5 | cafe48b37985ba8edab19c239d413d59

FreeRADIUS Insufficient CRL Application

Change Mirror Download

#2015-008 FreeRADIUS insufficent CRL application

Description:

The FreeRADIUS server is an open source project that provides a RADIUS
implementation.

The FreeRADIUS server relies on OpenSSL to perform certificate validation,
including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of
OpenSSL, in CRL application, limits the checks to leaf certificates,
therefore not detecting revocation of intermediate CA certificates.

An unexpired client certificate, issued by an intermediate CA with a revoked
certificate, is therefore accepted by FreeRADIUS.

Specifically sets the X509_V_FLAG_CRL_CHECK flag for leaf certificate CRL
checks, but does not use X509_V_FLAG_CRL_CHECK_ALL for CRL checks on the
complete trust chain.

The FreeRADIUS project advises that the recommended configuration is to use
self-signed CAs for all EAP-TLS methods.

Affected version:

FreeRADIUS <= 2.2.7, <= 3.0.8

Fixed version:

FreeRADIUS >= 2.2.8, >= 3.0.9

Credit: vulnerability anonymously reported.

CVE: CVE-2015-4680

Timeline:

2015-06-17: vulnerability report received
2015-06-18: contacted FreeRADIUS security maintainer
2015-06-18: patch provided by maintainer
2015-06-19: assigned CVE
2015-06-22: advisory release

References:
https://github.com/FreeRADIUS/freeradius-server/blob/b28326004379260ca2fe7b8884f813d90a741197/src/main/tls.c#L2111
https://github.com/FreeRADIUS/freeradius-server/blob/b28326004379260ca2fe7b8884f813d90a741197/src/main/tls.c#L2595
http://freeradius.org/security.html

Permalink:
http://www.ocert.org/advisories/ocert-2015-008.html

--
Andrea Barisani | Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team

<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close