USN-7055-1
- Source
- https://ubuntu.com/security/notices/USN-7055-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7055-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7055-1
- Upstream
- Related
- Published
- 2024-10-03T14:24:55.043427Z
- Modified
- 2025-10-13T04:38:40Z
- Summary
- freeradius vulnerability
- Details
-
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypass authentication, and access network devices and services.
This update introduces new configuration options called "limitproxystate" and "requiremessageauthenticator" that default to "auto" but should be set to "yes" once all RADIUS devices have been upgraded on a network.
- References
Affected packages
Ubuntu:20.04:LTS / freeradius
Package
- Name
- freeradius
- Purl
- pkg:deb/ubuntu/freeradius@3.0.20+dfsg-3ubuntu0.4?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.20+dfsg-3ubuntu0.4
Affected versions
3.*
3.0.19+dfsg-3
3.0.19+dfsg-3build1
3.0.20+dfsg-1
3.0.20+dfsg-3
3.0.20+dfsg-3build1
3.0.20+dfsg-3ubuntu0.1
3.0.20+dfsg-3ubuntu0.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "freeradius",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-common",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-config",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-dhcp",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-iodbc",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-krb5",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-ldap",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-memcached",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-mysql",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-postgresql",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-python3",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-redis",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-rest",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-utils",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "freeradius-yubikey",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "libfreeradius-dev",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
},
{
"binary_name": "libfreeradius3",
"binary_version": "3.0.20+dfsg-3ubuntu0.4"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-3596"
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS / freeradius
Package
- Name
- freeradius
- Purl
- pkg:deb/ubuntu/freeradius@3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3
Affected versions
3.*
3.0.21+dfsg-2.2
3.0.21+dfsg-3
3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu2
3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3
3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1
3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "freeradius",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-common",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-config",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-dhcp",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-iodbc",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-krb5",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-ldap",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-memcached",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-mysql",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-postgresql",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-python3",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-redis",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-rest",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-utils",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "freeradius-yubikey",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "libfreeradius-dev",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
},
{
"binary_name": "libfreeradius3",
"binary_version": "3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.3"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-3596"
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / freeradius
Package
- Name
- freeradius
- Purl
- pkg:deb/ubuntu/freeradius@3.2.5+dfsg-3~ubuntu24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.5+dfsg-3~ubuntu24.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "freeradius",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-common",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-config",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-dhcp",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-iodbc",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-krb5",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-ldap",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-memcached",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-mysql",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-postgresql",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-python3",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-redis",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-rest",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-utils",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "freeradius-yubikey",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "libfreeradius-dev",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
},
{
"binary_name": "libfreeradius3",
"binary_version": "3.2.5+dfsg-3~ubuntu24.04.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2024-3596"
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}