Unrated severity · OSV Advisory · Published Apr 21, 2019 · Updated Aug 4, 2024
CVE-2019-11234
Description
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Affected products (20)
- (no CPE) range: branch_4_0_0, first-build, release_0_1_0, …
- (no CPE) range: <3.0.19
- osv-coords, 18 versions:
  - pkg:rpm/opensuse/freeradius-server&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/freeradius-server&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/freeradius-server&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/freeradius-server&distro=SUSE%20OpenStack%20Cloud%207
- (no CPE) range: < 3.0.16-lp150.2.3.1
- (no CPE) range: < 3.0.16-lp151.4.3.1
- (no CPE) range: < 3.0.23-1.5
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.16-3.3.1
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.15-2.11.2
- (no CPE) range: < 3.0.15-2.11.2
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.3-17.12.1
- (no CPE) range: < 3.0.15-2.11.2
- (no CPE) range: < 3.0.15-2.11.2
- (no CPE) range: < 3.0.15-2.11.2
- (no CPE) range: < 3.0.15-2.11.2
- (no CPE) range: < 3.0.3-17.12.1
References (11)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html (mitre, vendor-advisory, x_refsource_SUSE)
- access.redhat.com/errata/RHSA-2019:1131 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2019:1142 (mitre, vendor-advisory, x_refsource_REDHAT)
- usn.ubuntu.com/3954-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- freeradius.org/release_notes/ (mitre, x_refsource_MISC)
- freeradius.org/security/ (mitre, x_refsource_MISC)
- papers.mathyvanhoef.com/dragonblood.pdf (mitre, x_refsource_MISC)
- www.kb.cert.org/vuls/id/871675/ (mitre, x_refsource_MISC)