Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score (CVSS): 6.8
CVE Id: CVE-2012-3547
Last Modified: 30 Oct 2013 11:27:08
Published: 18 Sep 2012 01:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3547

Summary

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.

Vulnerable Systems

Application

  • FreeRADIUS 2.1.10
  • FreeRADIUS 2.1.11
  • FreeRADIUS 2.1.12

References

  • XF - freeradius-cbtlsverify-bo(78408)
  • SECTRACK - 1027509
  • BID - 55483
  • MISC - http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt
  • MLIST - [oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
  • DEBIAN - DSA-2546
  • SECUNIA - 50584
  • SECUNIA - 50484
  • OSVDB - 85325
  • CONFIRM - http://freeradius.org/security.html
  • BUGTRAQ - 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
  • UBUNTU - USN-1585-1
  • SUSE - openSUSE-SU-2012:1200
  • REDHAT - RHSA-2012:1327
  • REDHAT - RHSA-2012:1326
  • SECUNIA - 50770
  • SECUNIA - 50637
  • MANDRIVA - MDVSA-2012:159
  • FEDORA - FEDORA-2012-15743
  • APPLE - APPLE-SA-2013-10-22-5

Related Patches

  • Red Hat RHSA-2012:1327-01 (Moderate): freeradius2 security update for RHEL 5 x86


Last Updated: 27 May 2016 10:51:51