CVE-2024-3596

一、漏洞信息
漏洞编号：CVE-2024-3596
漏洞归属组件：wpa_supplicant
漏洞归属的版本：2.10
CVSS V3.0分值：
BaseScore：9.0 Critical
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞简述：
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
漏洞公开时间：2024-07-09 20:15
漏洞创建时间：2024-07-24 08:48:39
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-3596

更多参考(点击展开)

参考来源	参考链接	来源链接
cret.cert.org	http://www.openwall.com/lists/oss-security/2024/07/09/4
cret.cert.org	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
cret.cert.org	https://datatracker.ietf.org/doc/html/rfc2865
cret.cert.org	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
cret.cert.org	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
cret.cert.org	https://www.blastradius.fail/
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/07/09/4
af854a3a-2127-422b-91ae-364da2661108	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
af854a3a-2127-422b-91ae-364da2661108	https://datatracker.ietf.org/doc/html/rfc2865
af854a3a-2127-422b-91ae-364da2661108	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240822-0001/
af854a3a-2127-422b-91ae-364da2661108	https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
af854a3a-2127-422b-91ae-364da2661108	https://www.blastradius.fail/
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4826	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4828	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4829	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4874	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4913	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4912	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4911	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4936	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:4935	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8461	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8577	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8789	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8791	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8788	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8794	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8792	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:8860	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:9474	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:9547	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:10135	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
redhat_bugzilla	https://access.redhat.com/errata/RHSA-2024:11109	https://bugzilla.redhat.com/show_bug.cgi?id=2263240
ubuntu	https://www.cve.org/CVERecord?id=CVE-2024-3596	https://ubuntu.com/security/CVE-2024-3596
ubuntu	https://kb.cert.org/vince/comm/case/1515/	https://ubuntu.com/security/CVE-2024-3596
ubuntu	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf	https://ubuntu.com/security/CVE-2024-3596
ubuntu	https://www.blastradius.fail/	https://ubuntu.com/security/CVE-2024-3596
ubuntu	https://nvd.nist.gov/vuln/detail/CVE-2024-3596	https://ubuntu.com/security/CVE-2024-3596
ubuntu	https://launchpad.net/bugs/cve/CVE-2024-3596	https://ubuntu.com/security/CVE-2024-3596
ubuntu	https://security-tracker.debian.org/tracker/CVE-2024-3596	https://ubuntu.com/security/CVE-2024-3596
debian		https://security-tracker.debian.org/tracker/CVE-2024-3596
oracle		https://www.oracle.com/security-alerts/cpujan2025.html
anolis		https://anas.openanolis.cn/cves/detail/CVE-2024-3596
cve_search		https://datatracker.ietf.org/doc/html/rfc2865
cve_search		https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
cve_search		https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
cve_search		https://www.blastradius.fail/
cve_search		http://www.openwall.com/lists/oss-security/2024/07/09/4
cve_search		https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
mageia		http://advisories.mageia.org/MGASA-2024-0264.html
amazon_linux_explore	https://access.redhat.com/security/cve/CVE-2024-3596	https://explore.alas.aws.amazon.com/CVE-2024-3596.html
amazon_linux_explore	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596	https://explore.alas.aws.amazon.com/CVE-2024-3596.html

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息：

详情(点击展开)

影响的包	修复补丁	来源
	http://www.openwall.com/lists/oss-security/2024/07/09/4	nvd
	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/	nvd
	https://datatracker.ietf.org/doc/html/rfc2865	nvd
	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf	nvd
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014	nvd
	https://www.blastradius.fail/	nvd
	https://security.netapp.com/advisory/ntap-20240822-0001/	nvd
	https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol	nvd
freeradius	https://github.com/FreeRADIUS/freeradius-server/commits/v3.0.x/?since=2024-07-09&until=2024-07-09	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commits/v3.2.x/?since=2024-07-09&until=2024-07-09	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/3a00a6ecc188629b0441fd45ad61ca8986de156e	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/4da715d93bf7c9d9b653318ca695bbfa6ceefc1e	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/69765bb5cc854f07b5e598d97998b9b06a11e7fa	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/5e1a3939e774ee33b8b6a85661ab689c6212c751	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/bc4f0a7d9666fa7f834de7a031814f8b24542891	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/33ae351097e0f9606b666bbfd05df8eef755e8ef	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/828341a7bd69ed4ebfe4e36d8fbfede6c5c50399	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/ea6bf44ba891a4d5b7c921c78e6cc697d349515a	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/0c101d631253baab62a9ad108138942856312991	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/836aeb93d762671703d1482eda236be91fe9fc05	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/099c41632dbd6137eb6874a8ecf9eb7dc31232fa	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/94553419c36cd76e89bc63927313399f99a91643	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/43587a6b378204ef82c8b3578c31d4ef70c00083	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/6451425175e988f2d048c26fd5683e4620ed2c0d	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/2817b853ddc6b0e12217fc8d3433dc8105d40bc0	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/accb06ac915db351c17e02711eaeebb05fda9371	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/3f8da1322f1ec0d27e9ed543ba798d12b9bafec7	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/bf190f9a0e2d79677edbeb76e5b4ae0a959f5f7f	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/0aada8c9b784ae6ee995565ffff4233c4eee1671	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/a26afcf05785c3bf699b303dfa30f426ad19a396	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/9518f2d25b4eadbc153f03554da21bb2233c8c6b	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/55342c7b33772a4fae152b32c4ce01f60a105042	ubuntu
freeradius	https://github.com/FreeRADIUS/freeradius-server/commit/da643f1edc267ce95260dc36069e6f1a7a4d66f8	ubuntu

二、漏洞分析结构反馈
影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：
1.master(2.11):
2.openEuler-20.03-LTS-SP4(2.6):
3.openEuler-22.03-LTS-SP1(2.6):
4.openEuler-22.03-LTS-SP3(2.6):
5.openEuler-22.03-LTS-SP4(2.6):
6.openEuler-24.03-LTS(2.10):
7.openEuler-24.03-LTS-Next(2.11):
8.openEuler-24.03-LTS-SP2(2.11):

修复是否涉及abi变化(是/否)：
1.master(2.11):
2.openEuler-20.03-LTS-SP4(2.6):
3.openEuler-22.03-LTS-SP1(2.6):
4.openEuler-22.03-LTS-SP3(2.6):
5.openEuler-22.03-LTS-SP4(2.6):
6.openEuler-24.03-LTS(2.10):
7.openEuler-24.03-LTS-Next(2.11):
8.openEuler-24.03-LTS-SP2(2.11):

原因说明：
1.master(2.11):
2.openEuler-20.03-LTS-SP4(2.6):
3.openEuler-22.03-LTS-SP3(2.6):
4.openEuler-22.03-LTS-SP4(2.6):
5.openEuler-24.03-LTS(2.10):
6.openEuler-24.03-LTS-Next(2.11):
7.openEuler-24.03-LTS-SP1(2.11):
8.openEuler-24.03-LTS-SP2(2.11):

src-openEuler/wpa_supplicant

内容风险标识

评论 (3)

src-openEuler/wpa_supplicant .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-3596

评论 (3)

搜索帮助

src-openEuler/wpa_supplicant