Security Contact
The FreeRADIUS security contact is security@freeradius.org. All security related information or notifications should be sent to that address. Security notifications may be signed with the PGP key for aland@freeradius.org.
Security of the RADIUS Protocol
The security papers page lists some general issues with RADIUS security.
Vulnerability Notifications
- 2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability.
This issue is similar to the previous Tunnel-Password issue noted below. The vulnerable versions are 1.1.3 through 1.1.7. Version 2.x is not affected.
- 2008.05.13
A bug added to OpenSSL on Debian and Ubuntu systems means that SSL keys on those systems may be guessable.
We recommend that administrators using OpenSSL on Debian or Ubuntu upgrade immediately. We also recommend re-generating any SSL certificates used in RADIUS systems, if those certificates were created on a Debian or Ubuntu system since 2006.
We emphasize that this is not a bug in FreeRADIUS. FreeRADIUS uses OpenSSL for many of its cryptographic operations, and as such, is at the mercy of any problems in OpenSSL.
- 2007.04.10 v1.1.5, and earlier - A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUE_PAIR data structure, of approximately 300 bytes. If an attacker performed the attack many times (e.g. thousands or more over a period of minutes to hours), the server could leak megabytes of memory, potentially leading to an "out of memory" condition, and early process exit.
We recommend that administrators using EAP-TTLS upgrade immediately.
- 2006.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the EAP-MSCHAPv2 module in all versions from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing. We recommend that administrators upgrade immediately.
- 2005.09.09 v1.0.3, v1.0.4 - Multiple issues exist with version 1.0.4, and all prior versions of the server. Externally exploitable vulnerabilities exist only for sites that use the rlm_sqlcounter module. Those sites may be vulnerable to SQL injection attacks, similar to the issues noted below. All sites that have not deployed the rlm_sqlcounter module are not vulnerable to external exploits. However, we still recommend that all sites upgrade to version 1.0.5.
The issues are:
- SQL Injection attack in the rlm_sqlcounter module.
- Buffer overflow in the rlm_sqlcounter module, that may cause a server crash.
- Buffer overflow while expanding %t, that may cause a server crash.
These issues were found by Primoz Bratanic. As the rlm_sqlcounter module is marked "experimental" in the server source, it is not enabled or configured in most sites. As a result, we believe that the number of vulnerable sites is low.
Additional issues, not externally exploitable, were found by Suse. A full response to their report is available here. A related post to the vendor-sec mailing list is found here.
- 2005.05.01 v1.0.1, v1.0.2 - Two vulnerabilities in the SQL module exist in all versions prior to 1.0.3. Sites not using the SQL module are not affected by this issue. However, we still recommend that all sites upgrade to version 1.0.3.
The issues are:
- Buffer overflow - A long string could overflow an internal buffer in the SQL module, and write two bytes of text [0-9a-f] past the end of the buffer. The server may exit when this happens, resulting in a DoS attack. Depending on the local configuration of the server, this may occur before a user is authenticated. This vulnerability is externally exploitable, but can not result in the execution of arbitrary code.
- SQL injection attacks - The SQL module suffers from SQL injection attacks in the group_membership_query, simul_count_query, and simul_verify_query configuration entries. The first query is exploitable if your site is configured to use the SQL-Group attribute in any module in the authorize section of radiusd.conf. The last two queries are exploitable only if your site has user names that contain a single quote character (').
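As an added illustration of the two SQL module issues above (this is not FreeRADIUS's own code; the escape routine, its "=XX" hex convention and the function names are assumptions made for the example), here is an escape loop with the overflow defect beside a bounds-checked version. The first can write its two hex digits past the end of the buffer on a long input; the second truncates instead, and by rewriting the single quote it keeps a user name such as O'Brien' OR '1'='1 from changing the meaning of the query it is substituted into.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Illustrative reconstruction (not FreeRADIUS's own code): characters that
 * are unsafe inside an SQL string literal are rewritten as "=XX" hex. */
static int sql_unsafe(unsigned char c)
{
    return c == '\'' || c == '\\' || c == ';' || c == '=' || !isprint(c);
}

/* Vulnerable form: the loop checks that ONE more byte fits, but an escaped
 * character emits THREE, so a long input ending in a quote pushes the two
 * hex digits (and the terminator) past the end of the buffer. */
size_t escape_vulnerable(char *out, size_t outlen, const char *in)
{
    size_t n = 0;
    for (; *in && n + 1 < outlen; in++) {
        if (sql_unsafe((unsigned char)*in)) {
            snprintf(out + n, 4, "=%02x", (unsigned char)*in);
            n += 3;                  /* n can now exceed outlen - 1 */
        } else {
            out[n++] = *in;
        }
    }
    out[n] = '\0';                   /* may itself be out of bounds */
    return n;                        /* > outlen - 1 signals an overrun */
}

/* Hardened form: reserve room for the full escape sequence plus the
 * terminator before writing, and stop (truncate) when it will not fit. */
size_t escape_safe(char *out, size_t outlen, const char *in)
{
    size_t n = 0;
    if (outlen == 0) return 0;
    for (; *in; in++) {
        if (sql_unsafe((unsigned char)*in)) {
            if (n + 3 >= outlen) break;   /* "=XX" + NUL would not fit */
            snprintf(out + n, 4, "=%02x", (unsigned char)*in);
            n += 3;
        } else {
            if (n + 1 >= outlen) break;
            out[n++] = *in;
        }
    }
    out[n] = '\0';
    return n;
}
```

To observe the overrun without undefined behaviour, call escape_vulnerable with a backing buffer larger than the outlen you pass it: the returned length exceeds outlen - 1.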
- 2004.09.14 v1.0.0 - Multiple external DoS attacks exist in the server. These are related to the attacks below, in 0.9.2, but were not caught then. The vulnerabilities are fixed in 1.0.1, and in all later versions of the server. The vulnerabilities are not exploitable, but can be used to remotely crash the server.
- 2003.11.20 v0.9.3 - There is an externally exploitable root compromise in rlm_smb, through a stack overflow when a password greater than 128 bytes is referenced by the module. The module is not built or installed by default, so we have not released a 0.9.4. This vulnerability is fixed in the CVS snapshots, and will be included in any later release of the server.
- 2003.10.15 v0.9.2 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 0.9.3 to correct this vulnerability.
- 2002.07.26 v0.7.0 - The Kerberos module may grant access to a user whose Kerberos ticket cannot be verified against the server principal. We have released 0.7.1 to correct this vulnerability.
- 2001.12.17 v0.3 - CA-2002-06. Multiple vulnerabilities in multiple RADIUS implementations. We have released 0.4 to correct these vulnerabilities.
Non-Vulnerability Notifications
Some "vulnerability" notifications issued for FreeRADIUS are, in fact, non-issues. These notifications are usually sent by the originator to various security lists, without first notifying us. This practice is problematic, because it does not give us the opportunity to respond, or to correct the underlying problem before it can be exploited.
We therefore recommend that anyone finding a potential issue with FreeRADIUS contact us using the security contact information listed above. We will work with you to issue a coordinated statement about the problem.
People who do not contact us, and who issue "vulnerabilities" that are not real vulnerabilities get listed below. This affords us the opportunity to give an official response in a public forum.
- 2010.10.01 CVE-2010-3697 - This issue was filed without consulting with us, and we do not agree with the assessment.
The correct summary is that if the database is down for a long time and the server is unresponsive, there are corner cases where known clients (not attackers) sending large amounts of data can cause the server to crash.
In normal operation, when the server stops responding to packets (i.e. because the database is down), the NAS will stop sending it packets, and will fail over to another server. In addition, our tests indicate that this issue occurs only when the database is down for extended periods of time, and the server receives many millions of packets during that time, i.e. the problem will not occur in most deployments.
We recommend that deployments monitor their database and RADIUS server. If the database is down for extended periods, the root cause should be investigated and corrected. When FreeRADIUS is configured to depend on a database, database outages will naturally cause service outages for the RADIUS server. People who want a fix to this issue can upgrade to the latest version of the server.
- 2010.10.01 CVE-2010-3696 - This issue was filed without consulting with us, and we do not agree with the assessment.
The correct summary is that modifying the source code to the server can cause it to crash. The DHCP code is clearly marked "experimental", and is not normally included in the server binaries. It should be no surprise, therefore, that experimental and untested features do not work properly.
We recommend that people run experimental code in a closed environment. People who want a fix to this issue can upgrade to the latest version of the server.
- 2010.02.03 CVE-2010-0524 - This issue only affects Mac OS X Server systems.
Apple had apparently configured FreeRADIUS to accept all "well known" Certificate Authorities as valid for EAP-TLS. This configuration permitted almost anyone to create a client certificate for use with EAP-TLS, which would then be accepted by Mac OS X Server systems.
We recommend that the list of Certificate Authorities configured in FreeRADIUS be audited, and kept as small as possible.
- 2007.01.02 - SMB_Handle_Type SMB_Connect_Server. While the summary is superficially correct, and there is a stack overflow in rlm_smb, the issue is less problematic than it sounds.
CVE-2007-0080 has been updated with our statement.
SecurityTracker Alert ID: 1017463 has been updated with our statement.
freeradius-smbconnectserver-bo (31248) has been updated to no longer claim the issue is remotely exploitable. They do not, however, include our vendor statement, though they do reference it. They also list the issue as "High Risk", and "Gain Privileges", which is NOT TRUE, for the reasons outlined below.
In summary, the issue is not remotely exploitable. It is exploitable by local administrators who have write access to the server configuration files. If an attacker can write to the server configuration files, they can configure the server to run arbitrary programs. Exploiting the server via a stack overflow would be unnecessary.
The solution to this "vulnerability", of course, is to ensure that only the correct people are given write access to the server configuration files.