Category: Red Hat Local Security Checks
Title: RedHat Update for freeradius2 RHSA-2012:1327-01
Summary: The remote host is missing an update for the 'freeradius2' package(s) announced via the referenced advisory.
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.
A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)
Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue.
Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
Affected: freeradius2 on Red Hat Enterprise Linux (v. 5 server)
Solution: Please install the updated packages.
Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-3547
BugTraq ID: 55483
Bugtraq: 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
Debian Security Information: DSA-2546
RedHat Security Advisories: RHSA-2012:1326
RedHat Security Advisories: RHSA-2012:1327
SuSE Security Announcement: openSUSE-SU-2012:1200
XForce ISS Database: freeradius-cbtlsverify-bo(78408)
Copyright: Copyright (c) 2012 Greenbone Networks GmbH