Category: CentOS Local Security Checks
Title: CentOS Update for freeradius CESA-2012:1326 centos6
Summary: The remote host is missing an update for the 'freeradius' package(s) announced via the referenced advisory.
The remote host is missing an update for the 'freeradius'
package(s) announced via the referenced advisory.
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.
A stack-based buffer overflow flaw was discovered in the way radiusd handled
the expiration date (notAfter) field of X.509 client certificates. A remote
attacker could possibly use this flaw to crash radiusd if it was configured to
use certificate-based or TLS-tunnelled EAP methods (such as EAP-TLS, EAP-TTLS,
and PEAP). Because the client certificate is parsed during the TLS handshake,
a crafted certificate is enough to reach the flaw; the attacker does not need
the certificate to verify against the server's CA. (CVE-2012-3547)
Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for
reporting this issue.
Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.
Affected Software/OS: freeradius on CentOS 6
Solution: Please install the updated packages.
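The check this test performs is a package-version comparison, not an upstream version string match: the CentOS fix is a backported patch, so the installed build still reports version 2.1.12 and only the release tag distinguishes patched from unpatched. The following is an added example (not Greenbone's NVT code and not taken from the advisory) that reproduces that logic: it implements rpm's segment-wise version ordering, parses `EPOCH:VERSION-RELEASE` strings as `rpm -q` prints them, and flags any freeradius subpackage below the fixed build. The fixed build string `0:2.1.12-4.el6_3`, the subpackage list, and the constructed `rpm -q` sample output are assumptions; confirm the build against the advisory before relying on it.

```python
import re
import subprocess

# Assumption: the fixed CentOS 6 build from CESA-2012:1326. Not stated on
# this page; verify against the advisory before using it as a threshold.
FIXED_EVR = "0:2.1.12-4.el6_3"

# Assumed subpackage names shipped with the erratum (not from this page).
FREERADIUS_PACKAGES = ["freeradius", "freeradius-utils", "freeradius-ldap",
                       "freeradius-mysql", "freeradius-perl", "freeradius-krb5"]

# rpm compares version strings segment by segment: runs of digits, runs of
# letters, and '~' (which sorts before anything, including end of string).
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 the way rpm's rpmvercmp() does (caret handling omitted)."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    while sa or sb:
        xa = sa.pop(0) if sa else None
        xb = sb.pop(0) if sb else None
        if xa == "~" or xb == "~":
            if xa != "~":
                return 1          # b has a tilde here, so b is older
            if xb != "~":
                return -1
            continue
        if xa is None:            # a ran out first: "2.1" < "2.1.12"
            return -1
        if xb is None:
            return 1
        if xa.isdigit() and xb.isdigit():
            ia, ib = int(xa), int(xb)
            if ia != ib:
                return -1 if ia < ib else 1
        elif xa.isdigit():        # a numeric segment is newer than an alpha one
            return 1
        elif xb.isdigit():
            return -1
        elif xa != xb:
            return -1 if xa < xb else 1
    return 0


def parse_evr(evr):
    """Split 'EPOCH:VERSION-RELEASE'; rpm prints '(none)' when there is no epoch."""
    epoch = "0"
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
        if epoch == "(none)":
            epoch = "0"
    version, _, release = evr.partition("-")
    return int(epoch), version, release


def evr_cmp(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def vulnerable_packages(rpm_lines, fixed_evr=FIXED_EVR):
    """From 'NAME EPOCH:VERSION-RELEASE' lines, return names still below the fix."""
    found = []
    for line in rpm_lines:
        line = line.strip()
        if not line or (line.startswith("package ") and line.endswith("is not installed")):
            continue              # rpm -q reports absent packages on stdout
        name, evr = line.split(None, 1)
        if evr_cmp(evr, fixed_evr) < 0:
            found.append(name)
    return found


def check_host():
    """Query the local rpm database (the offline sample below does not call this)."""
    cmd = ["rpm", "-q", "--qf", "%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n"]
    out = subprocess.run(cmd + FREERADIUS_PACKAGES, capture_output=True, text=True).stdout
    return vulnerable_packages(out.splitlines())


# Constructed sample of what rpm -q prints on a host still at the pre-advisory
# build, with one subpackage not installed (not real output from any system).
SAMPLE_RPM_OUTPUT = """\
freeradius (none):2.1.12-4.el6
freeradius-utils (none):2.1.12-4.el6
package freeradius-ldap is not installed
"""

if __name__ == "__main__":
    print("needs CESA-2012:1326:", vulnerable_packages(SAMPLE_RPM_OUTPUT.splitlines()))
```

Comparing the release tag is the whole point: `4.el6` sorts below `4.el6_3` only because rpm treats the extra numeric segment as newer, and a naive `2.1.12 < 2.2.0` check would report every CentOS 6 host as vulnerable forever. Run `check_host()` as a user that can read the rpm database; after installing the erratum, also confirm radiusd actually restarted (`service radiusd status`), since the old code stays mapped until it does.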
Common Vulnerabilities and Exposures (CVE) ID: CVE-2012-3547
BugTraq ID: 55483
Bugtraq: 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
Debian Security Information: DSA-2546
RedHat Security Advisories: RHSA-2012:1326
RedHat Security Advisories: RHSA-2012:1327
SuSE Security Announcement: openSUSE-SU-2012:1200
XForce ISS Database: freeradius-cbtlsverify-bo(78408)
Copyright: Copyright (c) 2012 Greenbone Networks GmbH