FreeRADIUS / freeradius-client

A BSD licenced RADIUS client library
http://freeradius.org/freeradius-client/

Blast-RADIUS CVE-2024-3596 #124

Open zivua opened 1 month ago

zivua commented 1 month ago

Hello -- will freeradius-client receive the Message-Authenticator updates needed to address CVE-2024-3596?

alandekok commented 1 month ago

We plan on releasing a new version of freeradius-client shortly.

sunil-1989 commented 1 month ago

Hi @alandekok,

I am just curious about when the new release will be available. By any chance, do you know?

lelandmills commented 3 weeks ago

Alan, I also am interested in the blast radius fix on the client library. Any update?

lelandmills commented 2 weeks ago

Attachment: message_authenticator.patch

Alan, if nobody's gotten to it yet, I believe this patch contains the necessary changes for blast radius to the client. It also has assorted checks/fixes. The message authenticator pieces alone are contained in include/freeradius-client.h and lib/: rc-md5.h, rc-md5.c, buildreq.c, options.h, sendserver.c. You'll recognize some of it. :)