Mandriva Update For Freeradius MDVSA-2012:159 (freeradius) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in freeradius: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). The updated packages have been patched to correct this issue.

Affected

freeradius on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-3547
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:032 (kernel)
Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:034 (squid)
Mandrake Security Advisory MDVSA-2009:163 (tomcat5)

Mandriva Update for freeradius MDVSA-2012:159 (freeradius)

Take action and discover your vulnerabilities