Test Kennung:	1.3.6.1.4.1.25623.1.0.72467
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2012:159 (freeradius)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to freeradius announced via advisory MDVSA-2012:159. A vulnerability has been found and corrected in freeradius: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:159 Risk factor : High
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3547 http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html BugTraq ID: 55483 http://www.securityfocus.com/bid/55483 Bugtraq: 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html Debian Security Information: DSA-2546 (Google Search) http://www.debian.org/security/2012/dsa-2546 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:159 http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt http://www.openwall.com/lists/oss-security/2012/09/10/2 http://osvdb.org/85325 RedHat Security Advisories: RHSA-2012:1326 http://rhn.redhat.com/errata/RHSA-2012-1326.html RedHat Security Advisories: RHSA-2012:1327 http://rhn.redhat.com/errata/RHSA-2012-1327.html http://www.securitytracker.com/id?1027509 http://secunia.com/advisories/50484 http://secunia.com/advisories/50584 http://secunia.com/advisories/50637 http://secunia.com/advisories/50770 SuSE Security Announcement: openSUSE-SU-2012:1200 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html http://www.ubuntu.com/usn/USN-1585-1 XForce ISS Database: freeradius-cbtlsverify-bo(78408) https://exchange.xforce.ibmcloud.com/vulnerabilities/78408
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.