Mandriva Update For Freeradius MDVSA-2012:047 (freeradius) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in freeradius: The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate (CVE-2011-2701). The updated packages have been patched to correct this issue.

Affected

freeradius on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2011-2701
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:040 (dia)
Mandrake Security Advisory MDVSA-2009:034 (squid)
Mandrake Security Advisory MDVSA-2009:161-1 (squid)
Mandrake Security Advisory MDVSA-2009:068-1 (poppler)

Mandriva Update for freeradius MDVSA-2012:047 (freeradius)

Take action and discover your vulnerabilities