Bug 1206205 (CVE-2022-41860) - VUL-0: CVE-2022-41860: freeradius-server: Crash on unknown option in EAP-SIM
Summary: VUL-0: CVE-2022-41860: freeradius-server: Crash on unknown option in EAP-SIM
Status: RESOLVED FIXED
Alias: CVE-2022-41860
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/350027/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-41860:7.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-08 07:55 UTC by Alexander Bergmann
Modified: 2024-05-03 09:21 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2022-12-08 07:55:54 UTC 
rh#2078485

When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

References:

https://freeradius.org/security/

Upstream fix:

https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2078485
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41860
Comment 6 Swamp Workflow Management 2022-12-27 11:22:39 UTC 
SUSE-SU-2022:4620-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1180525,1184016,1206204,1206205,1206206
CVE References: CVE-2022-41859,CVE-2022-41860,CVE-2022-41861
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise Server for SAP 15 (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise Server 15-LTSS (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE Enterprise Storage 6 (src):    freeradius-server-3.0.16-150000.3.13.1
SUSE CaaS Platform 4.0 (src):    freeradius-server-3.0.16-150000.3.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2022-12-27 11:23:35 UTC 
SUSE-SU-2022:4621-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1206204,1206205,1206206
CVE References: CVE-2022-41859,CVE-2022-41860,CVE-2022-41861
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    freeradius-server-3.0.19-3.12.1
SUSE Linux Enterprise Server 12-SP5 (src):    freeradius-server-3.0.19-3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-12-27 11:25:17 UTC 
SUSE-SU-2022:4622-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1206204,1206205,1206206
CVE References: CVE-2022-41859,CVE-2022-41860,CVE-2022-41861
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Manager Server 4.2 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Manager Server 4.1 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Manager Retail Branch Server 4.2 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Manager Retail Branch Server 4.1 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Manager Proxy 4.2 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Manager Proxy 4.1 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Enterprise Storage 7.1 (src):    freeradius-server-3.0.21-150200.3.12.1
SUSE Enterprise Storage 7 (src):    freeradius-server-3.0.21-150200.3.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-12-27 17:20:14 UTC 
SUSE-SU-2022:4626-1: An update that fixes three vulnerabilities, contains one feature is now available.

Category: security (important)
Bug References: 1206204,1206205,1206206
CVE References: CVE-2022-41859,CVE-2022-41860,CVE-2022-41861
JIRA References: SLE-11203
Sources used:
openSUSE Leap 15.4 (src):    freeradius-server-3.0.25-150400.4.4.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    freeradius-server-3.0.25-150400.4.4.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2023-01-23 17:16:21 UTC 
SUSE-SU-2023:0124-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1206204,1206205,1206206
CVE References: CVE-2022-41859,CVE-2022-41860,CVE-2022-41861
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    freeradius-server-3.0.15-2.23.1
SUSE OpenStack Cloud 9 (src):    freeradius-server-3.0.15-2.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    freeradius-server-3.0.15-2.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    freeradius-server-3.0.15-2.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2023-01-25 14:18:45 UTC 
SUSE-SU-2023:0135-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1206204,1206205,1206206
CVE References: CVE-2022-41859,CVE-2022-41860,CVE-2022-41861
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    freeradius-server-3.0.3-17.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Robert Frohl 2024-05-03 09:21:15 UTC 
done, closing