Description: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release        Version                    Status
freeradius (PTS)    bullseye       3.0.21+dfsg-2.2+deb11u1    vulnerable
                    sid, trixie    3.2.5+dfsg-3               fixed

The information below is based on the following data on fixed versions.

Package    Type    Release    Fixed Version    Urgency    Origin    Debian Bugs


Notes

[bookworm] - freeradius <no-dsa> (Minor issue; can be fixed via point release rebasing to 3.2.5)
[bullseye] - freeradius <no-dsa> (Minor issue; intrusive to backport)
The CVE is assigned to the RADIUS protocol issue in RFC 2865 itself, but for the time being track
sources which add mitigations for the "BlastRADIUS protocol vulnerability".
