Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.130087
Category:Mageia Linux Local Security Checks
Title:Mageia Linux Local Check: mgasa-2015-0291
Summary:Mageia Linux Local Security Checks mgasa-2015-0291
Description:Summary:
Mageia Linux Local Security Checks mgasa-2015-0291

Vulnerability Insight:
The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS (CVE-2015-4680). The freeradius package has been updated to version 2.2.8, which fixes this issue, as well as the failure to run on Mageia 5 due to an OpenSSL issue.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-4680
BugTraq ID: 75327
http://www.securityfocus.com/bid/75327
Bugtraq: 20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application (Google Search)
http://www.securityfocus.com/archive/1/535810/100/0/threaded
http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html
http://www.ocert.org/advisories/ocert-2015-008.html
http://www.securitytracker.com/id/1032690
SuSE Security Announcement: SUSE-SU-2017:0102 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html
CopyrightCopyright (C) 2015 Eero Volotinen

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.