Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-131)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120330

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-131)

Resumen: The remote host is missing an update for the 'freeradius' package(s) announced via the ALAS-2012-131 advisory.

Descripción: Summary:
The remote host is missing an update for the 'freeradius' package(s) announced via the ALAS-2012-131 advisory.

Vulnerability Insight:
A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)

Affected Software/OS:
'freeradius' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3547
http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
BugTraq ID: 55483
http://www.securityfocus.com/bid/55483
Bugtraq: 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html
Debian Security Information: DSA-2546 (Google Search)
http://www.debian.org/security/2012/dsa-2546
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:159
http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt
http://www.openwall.com/lists/oss-security/2012/09/10/2
http://osvdb.org/85325
RedHat Security Advisories: RHSA-2012:1326
http://rhn.redhat.com/errata/RHSA-2012-1326.html
RedHat Security Advisories: RHSA-2012:1327
http://rhn.redhat.com/errata/RHSA-2012-1327.html
http://www.securitytracker.com/id?1027509
http://secunia.com/advisories/50484
http://secunia.com/advisories/50584
http://secunia.com/advisories/50637
http://secunia.com/advisories/50770
SuSE Security Announcement: openSUSE-SU-2012:1200 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html
http://www.ubuntu.com/usn/USN-1585-1
XForce ISS Database: freeradius-cbtlsverify-bo(78408)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78408

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120330
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-131)
Resumen:	The remote host is missing an update for the 'freeradius' package(s) announced via the ALAS-2012-131 advisory.
Descripción:	Summary: The remote host is missing an update for the 'freeradius' package(s) announced via the ALAS-2012-131 advisory. Vulnerability Insight: A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Affected Software/OS: 'freeradius' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3547 http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html BugTraq ID: 55483 http://www.securityfocus.com/bid/55483 Bugtraq: 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html Debian Security Information: DSA-2546 (Google Search) http://www.debian.org/security/2012/dsa-2546 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:159 http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt http://www.openwall.com/lists/oss-security/2012/09/10/2 http://osvdb.org/85325 RedHat Security Advisories: RHSA-2012:1326 http://rhn.redhat.com/errata/RHSA-2012-1326.html RedHat Security Advisories: RHSA-2012:1327 http://rhn.redhat.com/errata/RHSA-2012-1327.html http://www.securitytracker.com/id?1027509 http://secunia.com/advisories/50484 http://secunia.com/advisories/50584 http://secunia.com/advisories/50637 http://secunia.com/advisories/50770 SuSE Security Announcement: openSUSE-SU-2012:1200 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html http://www.ubuntu.com/usn/USN-1585-1 XForce ISS Database: freeradius-cbtlsverify-bo(78408) https://exchange.xforce.ibmcloud.com/vulnerabilities/78408
Copyright	Copyright (C) 2015 Greenbone AG