diff --git a/SOURCES/freeradius-EAP-PWD-information-leak-10-iterations.patch b/SOURCES/freeradius-EAP-PWD-information-leak-10-iterations.patch new file mode 100644 index 0000000..0d727f4 --- /dev/null +++ b/SOURCES/freeradius-EAP-PWD-information-leak-10-iterations.patch @@ -0,0 +1,38 @@ +From 3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef +Date: Wed, 5 Jun 2019 19:21:06 +0000 +Subject: [PATCH] EAP-pwd: fix side-channel leak where 1 in 2018 handshakes + fail + +Previously the Hunting and Pecking algorithm of EAP-pwd aborted when +more than 10 iterations are needed. Every iteration has a 50% chance +of finding the password element. This means one in every 2048 handshakes +will fail, in which case an error frame is sent to the client. This +event leaks information that can be abused in an offline password +brute-force attack. More precisely, the adversary learns that all 10 +iterations failed for the given random EAP-pwd token. Using the same +techniques as in the Dragonblood attack, this can be used to brute-force +the password. + +This patch fixes the above issue by executing enough iterations such that +the password element is always found eventually. + +Note that timing and cache leaks remain a risk against the current +implementation of EAP-pwd. +--- + src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c +index c54f08c030..d94851c3aa 100644 +--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c ++++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c +@@ -192,7 +192,7 @@ int compute_password_element (pwd_session_t *session, uint16_t grp_num, + } + ctr = 0; + while (1) { +- if (ctr > 10) { ++ if (ctr > 100) { + DEBUG("unable to find random point on curve for group %d, something's fishy", grp_num); + goto fail; + } diff --git a/SPECS/freeradius.spec b/SPECS/freeradius.spec index ab7d682..2771e27 100644 --- a/SPECS/freeradius.spec +++ b/SPECS/freeradius.spec @@ -9,7 +9,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 3.0.17 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ @@ -38,6 +38,8 @@ Patch6: freeradius-OpenSSL-HMAC-SHA1.patch Patch7: freeradius-python2-shebangs.patch Patch8: freeradius-EAP-PWD-curve-handling.patch Patch9: freeradius-listen-ipv6-fix.patch +Patch10: freeradius-EAP-PWD-information-leak-10-iterations.patch + %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -164,7 +166,8 @@ Obsoletes: %{name}-python < %{version}-%{release} %description -n python2-freeradius This plugin provides the Python support for the FreeRADIUS server project. -%endif # with python2 +# endif: with python2 +%endif %package mysql Summary: MySQL support for freeradius @@ -225,6 +228,7 @@ This plugin provides the REST support for the FreeRADIUS server project. %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -751,7 +755,8 @@ exit 0 /etc/raddb/mods-config/python/example.py* /etc/raddb/mods-config/python/radiusd.py* %{_libdir}/freeradius/rlm_python.so -%endif # with python2 +# endif: with python2 +%endif %files mysql %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/mysql @@ -852,6 +857,10 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Fri Nov 22 2019 Alexander Scheel - 3.0.17-7 +- Fix information leak due to aborting when needing more than 10 iterations + Resolves: bz#1751797 + * Fri Jun 14 2019 Alexander Scheel - 3.0.17-6 - Fix handling of IPv6-only hostnames with listen.ipaddr Resolves: bz#1685546