Vulnerabilities > CVE-2012-3547 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius 2.1.10/2.1.11/2.1.12
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1327.NASL description From Red Hat Security Advisory 2012:1327 : Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68634 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68634 title Oracle Linux 5 : freeradius2 (ELSA-2012-1327) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1327 and # Oracle Linux Security Advisory ELSA-2012-1327 respectively. # include("compat.inc"); if (description) { script_id(68634); script_version("1.6"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2012-3547"); script_bugtraq_id(55483); script_xref(name:"RHSA", value:"2012:1327"); script_name(english:"Oracle Linux 5 : freeradius2 (ELSA-2012-1327)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:1327 : Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003058.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freeradius2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-unixODBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"freeradius2-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"EL5", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius2 / freeradius2-krb5 / freeradius2-ldap / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1585-1.NASL description Timo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62348 published 2012-09-27 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62348 title Ubuntu 11.04 / 11.10 / 12.04 LTS : freeradius vulnerability (USN-1585-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1585-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(62348); script_version("1.8"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-3547"); script_bugtraq_id(55483); script_xref(name:"USN", value:"1585-1"); script_name(english:"Ubuntu 11.04 / 11.10 / 12.04 LTS : freeradius vulnerability (USN-1585-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Timo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1585-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected freeradius package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04 / 11.10 / 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"freeradius", pkgver:"2.1.10+dfsg-2ubuntu2.1")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"freeradius", pkgver:"2.1.10+dfsg-3ubuntu0.11.10.1")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"freeradius", pkgver:"2.1.10+dfsg-3ubuntu0.12.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1327.NASL description Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62396 published 2012-10-03 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62396 title CentOS 5 : freeradius2 (CESA-2012:1327) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1327 and # CentOS Errata and Security Advisory 2012:1327 respectively. # include("compat.inc"); if (description) { script_id(62396); script_version("1.8"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-3547"); script_bugtraq_id(55483); script_xref(name:"RHSA", value:"2012:1327"); script_name(english:"CentOS 5 : freeradius2 (CESA-2012:1327)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2012-October/018905.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?42dce170" ); script_set_attribute( attribute:"solution", value:"Update the affected freeradius2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3547"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-unixODBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"freeradius2-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius2 / freeradius2-krb5 / freeradius2-ldap / etc"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SERVER_3_0.NASL description The remote Mac OS X host has a version of OS X Server installed that is prior to 3.0. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the included JSON Ruby Gem, which can be abused to exhaust all available memory resources. (CVE-2013-0269) - Multiple cross-site scripting vulnerabilities exist in the included Ruby on Rails software. (CVE-2013-1854 / CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857) - A buffer overflow exists in the included FreeRADIUS software that can be triggered when parsing the last seen 2020-06-01 modified 2020-06-02 plugin id 70590 published 2013-10-24 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70590 title Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70590); script_version("1.5"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-3547", "CVE-2013-0269", "CVE-2013-1854", "CVE-2013-1855", "CVE-2013-1856", "CVE-2013-1857", "CVE-2013-5143" ); script_bugtraq_id(55483, 57899, 58549, 58552, 58554, 58555, 63285); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-5"); script_name(english:"Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities"); script_summary(english:"Checks OS X Server version."); script_set_attribute( attribute:"synopsis", value:"The remote host is missing a security update for OS X Server." ); script_set_attribute( attribute:"description", value: "The remote Mac OS X host has a version of OS X Server installed that is prior to 3.0. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the included JSON Ruby Gem, which can be abused to exhaust all available memory resources. (CVE-2013-0269) - Multiple cross-site scripting vulnerabilities exist in the included Ruby on Rails software. (CVE-2013-1854 / CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857) - A buffer overflow exists in the included FreeRADIUS software that can be triggered when parsing the 'not after' timestamp in a client certificate when using TLS-based EAP methods. (CVE-2012-3547) - A logic issue exists whereby the RADIUS service could choose an incorrect certificate from a list of configured certificates." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5999"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X Server version 3.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/10"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:mac_os_x_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("macosx_server_services.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Server/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); version = get_kb_item_or_exit("MacOSX/Server/Version"); fixed_version = "3.0"; if ( ereg(pattern:"Mac OS X 10\.[0-6]([^0-9]|$)", string:os) || ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1 ) { set_kb_item(name:"www/0/XSS", value:TRUE); if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_VER_NOT_VULN, "OS X Server", version);NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-131.NASL description A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) last seen 2020-06-01 modified 2020-06-02 plugin id 69621 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69621 title Amazon Linux AMI : freeradius (ALAS-2012-131) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2012-131. # include("compat.inc"); if (description) { script_id(69621); script_version("1.5"); script_cvs_date("Date: 2018/04/18 15:09:34"); script_cve_id("CVE-2012-3547"); script_xref(name:"ALAS", value:"2012-131"); script_xref(name:"RHSA", value:"2012:1326"); script_name(english:"Amazon Linux AMI : freeradius (ALAS-2012-131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2012-131.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update freeradius' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-unixODBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"freeradius-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-debuginfo-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-krb5-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-ldap-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-mysql-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-perl-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-postgresql-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-python-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-unixODBC-2.1.12-4.11.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"freeradius-utils-2.1.12-4.11.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius / freeradius-debuginfo / freeradius-krb5 / etc"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3BBBE3AAFBEB11E18BD80022156E8794.NASL description freeRADIUS security team reports : Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12. The issue was found by Timo Warns, and communicated to [email protected]. A sample exploit for the issue was included in the notification. The vulnerability was created in commit a368a6f4f4aaf on August 18, 2010. Vulnerable versions include 2.1.10, 2.1.11, and 2.1.12. Also anyone running the git last seen 2020-06-01 modified 2020-06-02 plugin id 62054 published 2012-09-12 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62054 title FreeBSD : freeradius -- arbitrary code execution for TLS-based authentication (3bbbe3aa-fbeb-11e1-8bd8-0022156e8794) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(62054); script_version("1.5"); script_cvs_date("Date: 2018/11/21 10:46:30"); script_cve_id("CVE-2012-3547"); script_name(english:"FreeBSD : freeradius -- arbitrary code execution for TLS-based authentication (3bbbe3aa-fbeb-11e1-8bd8-0022156e8794)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "freeRADIUS security team reports : Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12. The issue was found by Timo Warns, and communicated to [email protected]. A sample exploit for the issue was included in the notification. The vulnerability was created in commit a368a6f4f4aaf on August 18, 2010. Vulnerable versions include 2.1.10, 2.1.11, and 2.1.12. Also anyone running the git 'master' branch after August 18, 2010 is vulnerable. All sites using TLS-based EAP methods and the above versions are vulnerable. The only configuration change which can avoid the issue is to disable EAP-TLS, EAP-TTLS, and PEAP. An external attacker can use this vulnerability to over-write the stack frame of the RADIUS server, and cause it to crash. In addition, more sophisticated attacks may gain additional privileges on the system running the RADIUS server. This attack does not require local network access to the RADIUS server. It can be done by an attacker through a WiFi Access Point, so long as the Access Point is configured to use 802.1X authentication with the RADIUS server." ); # http://freeradius.org/security.html script_set_attribute( attribute:"see_also", value:"http://freeradius.org/security/" ); script_set_attribute( attribute:"see_also", value:"http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt" ); # https://vuxml.freebsd.org/freebsd/3bbbe3aa-fbeb-11e1-8bd8-0022156e8794.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?94c7f3fb" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:freeradius"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"freeradius>=2.1.10<2.1.12_2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-159.NASL description A vulnerability has been found and corrected in freeradius : Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 62425 published 2012-10-04 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62425 title Mandriva Linux Security Advisory : freeradius (MDVSA-2012:159) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:159. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(62425); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2012-3547"); script_bugtraq_id(55483); script_xref(name:"MDVSA", value:"2012:159"); script_name(english:"Mandriva Linux Security Advisory : freeradius (MDVSA-2012:159)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in freeradius : Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-unixODBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-web"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freeradius-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freeradius1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreeradius-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreeradius1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2011", reference:"freeradius-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-krb5-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-ldap-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-mysql-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-postgresql-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-sqlite-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-unixODBC-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"freeradius-web-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64freeradius-devel-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64freeradius1-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libfreeradius-devel-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libfreeradius1-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1327.NASL description Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62407 published 2012-10-03 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62407 title RHEL 5 : freeradius2 (RHSA-2012:1327) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1327. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(62407); script_version ("1.16"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-3547"); script_bugtraq_id(55483); script_xref(name:"RHSA", value:"2012:1327"); script_name(english:"RHEL 5 : freeradius2 (RHSA-2012:1327)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1327" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3547" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-krb5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-unixODBC"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1327"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-debuginfo-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-debuginfo-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-debuginfo-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius2 / freeradius2-debuginfo / freeradius2-krb5 / etc"); } }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-038.NASL description Updated freeradius packages fixes security vulnerabilities : It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied (CVE-2011-4966). Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). last seen 2020-06-01 modified 2020-06-02 plugin id 66052 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66052 title Mandriva Linux Security Advisory : freeradius (MDVSA-2013:038) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201311-09.NASL description The remote host is affected by the vulnerability described in GLSA-201311-09 (FreeRADIUS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeRADIUS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70869 published 2013-11-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70869 title GLSA-201311-09 : FreeRADIUS: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-15397.NASL description This updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow by processing This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-10-23 plugin id 62655 published 2012-10-23 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62655 title Fedora 17 : freeradius-2.2.0-0.fc17 (2012-15397) NASL family Fedora Local Security Checks NASL id FEDORA_2012-15342.NASL description This updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-10-24 plugin id 62668 published 2012-10-24 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62668 title Fedora 18 : freeradius-2.2.0-0.fc18 (2012-15342) NASL family Fedora Local Security Checks NASL id FEDORA_2012-15743.NASL description This updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-10-18 plugin id 62603 published 2012-10-18 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62603 title Fedora 16 : freeradius-2.2.0-0.fc16 (2012-15743) NASL family Scientific Linux Local Security Checks NASL id SL_20121002_FREERADIUS2_ON_SL5_X.NASL description FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-03-18 modified 2012-10-04 plugin id 62426 published 2012-10-04 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62426 title Scientific Linux Security Update : freeradius2 on SL5.x i386/x86_64 (20121002) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1326.NASL description Updated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62395 published 2012-10-03 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62395 title CentOS 6 : freeradius (CESA-2012:1326) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2546.NASL description Timo Warns discovered that the EAP-TLS handling of FreeRADIUS, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates. last seen 2020-03-17 modified 2012-09-12 plugin id 62049 published 2012-09-12 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62049 title Debian DSA-2546-1 : freeradius - stack-based buffer overflows NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1326.NASL description From Red Hat Security Advisory 2012:1326 : Updated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68633 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68633 title Oracle Linux 6 : freeradius (ELSA-2012-1326) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-616.NASL description This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code. last seen 2020-06-05 modified 2014-06-13 plugin id 74758 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74758 title openSUSE Security Update : freeradius (openSUSE-SU-2012:1200-1) NASL family Scientific Linux Local Security Checks NASL id SL_20121002_FREERADIUS_ON_SL6_X.NASL description FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-03-18 modified 2012-10-04 plugin id 62427 published 2012-10-04 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62427 title Scientific Linux Security Update : freeradius on SL6.x i386/x86_64 (20121002) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1326.NASL description Updated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62406 published 2012-10-03 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62406 title RHEL 6 : freeradius (RHSA-2012:1326)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html
- http://freeradius.org/security.html
- http://freeradius.org/security.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html
- http://osvdb.org/85325
- http://osvdb.org/85325
- http://rhn.redhat.com/errata/RHSA-2012-1326.html
- http://rhn.redhat.com/errata/RHSA-2012-1326.html
- http://rhn.redhat.com/errata/RHSA-2012-1327.html
- http://rhn.redhat.com/errata/RHSA-2012-1327.html
- http://secunia.com/advisories/50484
- http://secunia.com/advisories/50484
- http://secunia.com/advisories/50584
- http://secunia.com/advisories/50584
- http://secunia.com/advisories/50637
- http://secunia.com/advisories/50637
- http://secunia.com/advisories/50770
- http://secunia.com/advisories/50770
- http://www.debian.org/security/2012/dsa-2546
- http://www.debian.org/security/2012/dsa-2546
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:159
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:159
- http://www.openwall.com/lists/oss-security/2012/09/10/2
- http://www.openwall.com/lists/oss-security/2012/09/10/2
- http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt
- http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt
- http://www.securityfocus.com/bid/55483
- http://www.securityfocus.com/bid/55483
- http://www.securitytracker.com/id?1027509
- http://www.securitytracker.com/id?1027509
- http://www.ubuntu.com/usn/USN-1585-1
- http://www.ubuntu.com/usn/USN-1585-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78408
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78408