Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2011-2701
Last Modified 21 Sep 2011 11:32:15
Published 03 Aug 2011 10:45:32
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2701

Summary

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Vulnerable Systems

Application

  • FreeRADIUS 2.1.11

References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=724815

MISC - https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html

XF - freeradius-certificate-security-bypass(68782)

BID - 48880

BUGTRAQ - 20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11

MLIST - [oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)

MLIST - [oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)

MLIST - [oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)

SECTRACK - 1025833

SREASON - 8325

SECUNIA - 45425

Last Updated: 27 May 2016 10:57:05