Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blast-RADIUS CVE-2024-3596 #124

Open
zivua opened this issue Jul 17, 2024 · 5 comments
Open

Blast-RADIUS CVE-2024-3596 #124

zivua opened this issue Jul 17, 2024 · 5 comments

Comments

@zivua
Copy link

zivua commented Jul 17, 2024

Hello -- will freeradius-client receive the Message-Authenticator updates needed to address CVE-2024-3596 ?
@alandekok
Copy link
Member

We plan on releasing a new version of freeradius-client shortly.

@sunil-1989
Copy link

sunil-1989 commented Aug 1, 2024
edited
Loading

Hi @alandekok ,

I am just curious about when the new release will be available? By any chance do you know ?

@lelandmills
Copy link

Alan, I also am interested in blast radius fix on the client library. Any update?

@lelandmills
Copy link

message_authenticator.patch
Alan, if nobody's gotten to it yet, I believe this patch contains the necessary changes for blast radius to the client. It also has assorted checks/fixes. The message authenticator pieces alone are contained in include/freeradius-client.h and lib/: rc-md5.h, rc-md5.c, buildreq.c, options.h, sendserver.c. You'll recognize some of it. :)

@sunil-1989
Copy link

Hi @alandekok
Is there a new version of freeradius-client coming up in upcoming weeks for this vulnerability ??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alandekok @sunil-1989 @lelandmills @zivua