Published: 2004-12-31 00:00:00
Revised: 2008-09-05 16:43:22

[Original] login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

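[CNNVD] OpenBSD Radius Authentication Bypass Vulnerability (CNNVD-200412-796)

        login_radius in OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret of a response packet sent by the RADIUS server. A remote attacker can exploit this vulnerability to bypass authentication by spoofing server replies.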

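- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may result in modification of system files]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]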

- CPE (Affected Platforms and Products)

cpe:/o:openbsd:openbsd:3.4 OpenBSD 3.4
cpe:/o:openbsd:openbsd:3.2 OpenBSD 3.2
cpe:/o:openbsd:openbsd:3.5 OpenBSD 3.5

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(PATCH)  BID  11227
(UNKNOWN)  XF  openbsd-radius-auth-bypass(17456)
(VENDOR_ADVISORY)  VULNWATCH  20040921 OpenBSD radius authentication vulnerability

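- Vulnerability Information

OpenBSD Radius Authentication Bypass Vulnerability
High risk  Design error
2004-12-31 00:00:00 2005-10-20 00:00:00
        login_radius in OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret of a response packet sent by the RADIUS server. A remote attacker can exploit this vulnerability to bypass authentication by spoofing server replies.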

- Advisories and Patches

        Patches are available for OpenBSD 3.4 and 3.5. It is also reported that this issue is addressed in OpenBSD 3.6 and OpenBSD-current.
        F5 has released a patch and upgrades for BIG-IP and 3-DNS. Versions 4.5.11 and 4.6.3 are not vulnerable to this issue. Contact the vendor to obtain fixes or upgrades.
        OpenBSD OpenBSD 3.5
        OpenBSD OpenBSD 3.4

- Vulnerability Information

OpenBSD Radius Authentication UDP Spoofing Bypass
Remote / Network Access Authentication Management
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability Description

OpenBSD contains a flaw that may allow a malicious user to bypass RADIUS authentication. The issue is triggered when an attacker forges a RADIUS ACCEPT packet purporting to be from the RADIUS server, which is not verified to be authentic. It is possible that the flaw may allow unauthorized logins resulting in a loss of confidentiality and integrity.
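
The check that the description above says is missing, as an added example (this is not OpenBSD's login_radius code or its patch). RFC 2865 defines the Response Authenticator as MD5 over Code, Identifier, Length, the Request Authenticator, the attributes and the shared secret; the function names and all sample values below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 sec. 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, attrs, request_auth, secret):
    """Reply as produced by a server that holds the shared secret (sample data only)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, request_id, request_auth, secret):
    """Return the reply code if the packet is authentic for this request, else None."""
    if len(packet) < 20:
        return None                      # shorter than the fixed RADIUS header
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or ident != request_id:
        return None                      # bad length field or not a reply to our request
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE):
        return None
    attrs = packet[20:length]            # bytes past Length are padding and ignored
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                      # sender did not know the shared secret
    return code

# Constructed sample values.
SECRET = b"constructed-shared-secret"
REQ_ID = 0x2A
REQ_AUTH = bytes(range(16))              # fixed here for reproducibility; random per request in practice
GENUINE = build_response(ACCESS_ACCEPT, REQ_ID, b"", REQ_AUTH, SECRET)
# A reply whose authenticator field was not derived from the secret.
UNAUTHENTICATED = struct.pack("!BBH", ACCESS_ACCEPT, REQ_ID, 20) + bytes(16)

if __name__ == "__main__":
    print(verify_response(GENUINE, REQ_ID, REQ_AUTH, SECRET))
    print(verify_response(UNAUTHENTICATED, REQ_ID, REQ_AUTH, SECRET))
```

A client that acts on the reply code without this comparison accepts any well-formed Access-Accept that reaches its UDP port, which is the condition the entry describes.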

- Timeline

2004-09-21 Unknown
2004-09-21 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability in versions 3.4 and 3.5.

- Related References

- Vulnerability Credit