{
  "threat_severity" : "Important",
  "public_date" : "2017-05-08T00:00:00Z",
  "bugzilla" : {
    "description" : "freeradius: TLS resumption authentication bypass",
    "id" : "1456697",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1456697"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-287",
  "details" : [ "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.", "An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-06-28T00:00:00Z",
    "advisory" : "RHSA-2017:1581",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "freeradius-0:3.0.4-8.el7_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "freeradius",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "freeradius2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "freeradius",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-9148\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9148" ],
  "name" : "CVE-2017-9148",
  "mitigation" : {
    "value" : "Disable TLS session caching in FreeRADIUS by setting \"enable = no\" in the cache subsection of EAP module settings, which are in /etc/raddb/mods-available/eap file.",
    "lang" : "en:us"
  },
  "csaw" : false
}