Vulnerabilities > CVE-2012-3547 - Buffer Errors vulnerability in Freeradius 2.1.10/2.1.11/2.1.12

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
freeradius
CWE-119
nessus

Summary

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.

Vulnerable Configurations

Part Description Count
Application
Freeradius
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1327.NASL
    descriptionFrom Red Hat Security Advisory 2012:1327 : Updated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68634
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68634
    titleOracle Linux 5 : freeradius2 (ELSA-2012-1327)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1327 and 
    # Oracle Linux Security Advisory ELSA-2012-1327 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68634);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2012-3547");
      script_bugtraq_id(55483);
      script_xref(name:"RHSA", value:"2012:1327");
    
      script_name(english:"Oracle Linux 5 : freeradius2 (ELSA-2012-1327)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:1327 :
    
    Updated freeradius2 packages that fix one security issue are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    FreeRADIUS is a high-performance and highly configurable free Remote
    Authentication Dial In User Service (RADIUS) server, designed to allow
    centralized authentication and authorization for a network.
    
    A buffer overflow flaw was discovered in the way radiusd handled the
    expiration date field in X.509 client certificates. A remote attacker
    could possibly use this flaw to crash radiusd if it were configured to
    use the certificate or TLS tunnelled authentication methods (such as
    EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)
    
    Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH
    for reporting this issue.
    
    Users of FreeRADIUS are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. After
    installing the update, radiusd will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-October/003058.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected freeradius2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freeradius2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"freeradius2-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"EL5", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius2 / freeradius2-krb5 / freeradius2-ldap / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1585-1.NASL
    descriptionTimo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62348
    published2012-09-27
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62348
    titleUbuntu 11.04 / 11.10 / 12.04 LTS : freeradius vulnerability (USN-1585-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1585-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62348);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-3547");
      script_bugtraq_id(55483);
      script_xref(name:"USN", value:"1585-1");
    
      script_name(english:"Ubuntu 11.04 / 11.10 / 12.04 LTS : freeradius vulnerability (USN-1585-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Timo Warns discovered that FreeRADIUS incorrectly handled certain long
    timestamps in client certificates. A remote attacker could exploit
    this flaw and cause the FreeRADIUS server to crash, resulting in a
    denial of service, or possibly execute arbitrary code.
    
    The default compiler options for affected releases should reduce the
    vulnerability to a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1585-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected freeradius package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freeradius");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04 / 11.10 / 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.04", pkgname:"freeradius", pkgver:"2.1.10+dfsg-2ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"freeradius", pkgver:"2.1.10+dfsg-3ubuntu0.11.10.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"freeradius", pkgver:"2.1.10+dfsg-3ubuntu0.12.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1327.NASL
    descriptionUpdated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id62396
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62396
    titleCentOS 5 : freeradius2 (CESA-2012:1327)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1327 and 
    # CentOS Errata and Security Advisory 2012:1327 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62396);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2012-3547");
      script_bugtraq_id(55483);
      script_xref(name:"RHSA", value:"2012:1327");
    
      script_name(english:"CentOS 5 : freeradius2 (CESA-2012:1327)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated freeradius2 packages that fix one security issue are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    FreeRADIUS is a high-performance and highly configurable free Remote
    Authentication Dial In User Service (RADIUS) server, designed to allow
    centralized authentication and authorization for a network.
    
    A buffer overflow flaw was discovered in the way radiusd handled the
    expiration date field in X.509 client certificates. A remote attacker
    could possibly use this flaw to crash radiusd if it were configured to
    use the certificate or TLS tunnelled authentication methods (such as
    EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)
    
    Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH
    for reporting this issue.
    
    Users of FreeRADIUS are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. After
    installing the update, radiusd will be restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-October/018905.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?42dce170"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected freeradius2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3547");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freeradius2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius2 / freeradius2-krb5 / freeradius2-ldap / etc");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SERVER_3_0.NASL
    descriptionThe remote Mac OS X host has a version of OS X Server installed that is prior to 3.0. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in the included JSON Ruby Gem, which can be abused to exhaust all available memory resources. (CVE-2013-0269) - Multiple cross-site scripting vulnerabilities exist in the included Ruby on Rails software. (CVE-2013-1854 / CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857) - A buffer overflow exists in the included FreeRADIUS software that can be triggered when parsing the
    last seen2020-06-01
    modified2020-06-02
    plugin id70590
    published2013-10-24
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70590
    titleMac OS X : OS X Server < 3.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(70590);
      script_version("1.5");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id(
        "CVE-2012-3547",
        "CVE-2013-0269",
        "CVE-2013-1854",
        "CVE-2013-1855",
        "CVE-2013-1856",
        "CVE-2013-1857",
        "CVE-2013-5143"
      );
      script_bugtraq_id(55483, 57899, 58549, 58552, 58554, 58555, 63285);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-5");
    
      script_name(english:"Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities");
      script_summary(english:"Checks OS X Server version.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote host is missing a security update for OS X Server."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Mac OS X host has a version of OS X Server installed that
    is prior to 3.0. It is, therefore, affected by the following
    vulnerabilities :
    
      - A denial of service vulnerability exists in the
        included JSON Ruby Gem, which can be abused to exhaust
        all available memory resources. (CVE-2013-0269)
    
      - Multiple cross-site scripting vulnerabilities exist in
        the included Ruby on Rails software. (CVE-2013-1854 /
        CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857)
    
      - A buffer overflow exists in the included FreeRADIUS
        software that can be triggered when parsing the 'not
        after' timestamp in a client certificate when using
        TLS-based EAP methods. (CVE-2012-3547)
    
      - A logic issue exists whereby the RADIUS service could
        choose an incorrect certificate from a list of
        configured certificates."
      );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5999");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X Server version 3.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:mac_os_x_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_server_services.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Server/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    version = get_kb_item_or_exit("MacOSX/Server/Version");
    
    fixed_version = "3.0";
    if (
      ereg(pattern:"Mac OS X 10\.[0-6]([^0-9]|$)", string:os) ||
      ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1
    )
    {
      set_kb_item(name:"www/0/XSS", value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "OS X Server", version);
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2012-131.NASL
    descriptionA buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)
    last seen2020-06-01
    modified2020-06-02
    plugin id69621
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69621
    titleAmazon Linux AMI : freeradius (ALAS-2012-131)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2012-131.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69621);
      script_version("1.5");
      script_cvs_date("Date: 2018/04/18 15:09:34");
    
      script_cve_id("CVE-2012-3547");
      script_xref(name:"ALAS", value:"2012-131");
      script_xref(name:"RHSA", value:"2012:1326");
    
      script_name(english:"Amazon Linux AMI : freeradius (ALAS-2012-131)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow flaw was discovered in the way radiusd handled the
    expiration date field in X.509 client certificates. A remote attacker
    could possibly use this flaw to crash radiusd if it were configured to
    use the certificate or TLS tunnelled authentication methods (such as
    EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2012-131.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update freeradius' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:freeradius-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"freeradius-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-debuginfo-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-krb5-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-ldap-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-mysql-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-perl-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-postgresql-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-python-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-unixODBC-2.1.12-4.11.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"freeradius-utils-2.1.12-4.11.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius / freeradius-debuginfo / freeradius-krb5 / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3BBBE3AAFBEB11E18BD80022156E8794.NASL
    descriptionfreeRADIUS security team reports : Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12. The issue was found by Timo Warns, and communicated to [email protected]. A sample exploit for the issue was included in the notification. The vulnerability was created in commit a368a6f4f4aaf on August 18, 2010. Vulnerable versions include 2.1.10, 2.1.11, and 2.1.12. Also anyone running the git
    last seen2020-06-01
    modified2020-06-02
    plugin id62054
    published2012-09-12
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62054
    titleFreeBSD : freeradius -- arbitrary code execution for TLS-based authentication (3bbbe3aa-fbeb-11e1-8bd8-0022156e8794)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62054);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/21 10:46:30");
    
      script_cve_id("CVE-2012-3547");
    
      script_name(english:"FreeBSD : freeradius -- arbitrary code execution for TLS-based authentication (3bbbe3aa-fbeb-11e1-8bd8-0022156e8794)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "freeRADIUS security team reports :
    
    Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12.
    
    The issue was found by Timo Warns, and communicated to
    [email protected]. A sample exploit for the issue was included
    in the notification.
    
    The vulnerability was created in commit a368a6f4f4aaf on August 18,
    2010. Vulnerable versions include 2.1.10, 2.1.11, and 2.1.12. Also
    anyone running the git 'master' branch after August 18, 2010 is
    vulnerable.
    
    All sites using TLS-based EAP methods and the above versions are
    vulnerable. The only configuration change which can avoid the issue is
    to disable EAP-TLS, EAP-TTLS, and PEAP.
    
    An external attacker can use this vulnerability to over-write the
    stack frame of the RADIUS server, and cause it to crash. In addition,
    more sophisticated attacks may gain additional privileges on the
    system running the RADIUS server.
    
    This attack does not require local network access to the RADIUS
    server. It can be done by an attacker through a WiFi Access Point, so
    long as the Access Point is configured to use 802.1X authentication
    with the RADIUS server."
      );
      # http://freeradius.org/security.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://freeradius.org/security/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
      );
      # https://vuxml.freebsd.org/freebsd/3bbbe3aa-fbeb-11e1-8bd8-0022156e8794.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?94c7f3fb"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:freeradius");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"freeradius>=2.1.10<2.1.12_2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-159.NASL
    descriptionA vulnerability has been found and corrected in freeradius : Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id62425
    published2012-10-04
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62425
    titleMandriva Linux Security Advisory : freeradius (MDVSA-2012:159)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:159. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62425);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-3547");
      script_bugtraq_id(55483);
      script_xref(name:"MDVSA", value:"2012:159");
    
      script_name(english:"Mandriva Linux Security Advisory : freeradius (MDVSA-2012:159)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been found and corrected in freeradius :
    
    Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
    2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
    attackers to cause a denial of service (server crash) and possibly
    execute arbitrary code via a long not after timestamp in a client
    certificate (CVE-2012-3547).
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freeradius-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freeradius-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freeradius1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreeradius-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfreeradius1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"freeradius-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-krb5-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-ldap-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-mysql-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-postgresql-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-sqlite-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-unixODBC-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"freeradius-web-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64freeradius-devel-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64freeradius1-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libfreeradius-devel-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libfreeradius1-2.1.11-1.2-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1327.NASL
    descriptionUpdated freeradius2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id62407
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62407
    titleRHEL 5 : freeradius2 (RHSA-2012:1327)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1327. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62407);
      script_version ("1.16");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2012-3547");
      script_bugtraq_id(55483);
      script_xref(name:"RHSA", value:"2012:1327");
    
      script_name(english:"RHEL 5 : freeradius2 (RHSA-2012:1327)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated freeradius2 packages that fix one security issue are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    FreeRADIUS is a high-performance and highly configurable free Remote
    Authentication Dial In User Service (RADIUS) server, designed to allow
    centralized authentication and authorization for a network.
    
    A buffer overflow flaw was discovered in the way radiusd handled the
    expiration date field in X.509 client certificates. A remote attacker
    could possibly use this flaw to crash radiusd if it were configured to
    use the certificate or TLS tunnelled authentication methods (such as
    EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547)
    
    Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH
    for reporting this issue.
    
    Users of FreeRADIUS are advised to upgrade to these updated packages,
    which contain a backported patch to correct this issue. After
    installing the update, radiusd will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3547"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-unixODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:freeradius2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:1327";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-debuginfo-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-debuginfo-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-debuginfo-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-krb5-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-ldap-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-mysql-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-perl-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-postgresql-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-python-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-unixODBC-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"freeradius2-utils-2.1.12-4.el5_8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius2 / freeradius2-debuginfo / freeradius2-krb5 / etc");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-038.NASL
    descriptionUpdated freeradius packages fixes security vulnerabilities : It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied (CVE-2011-4966). Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547).
    last seen2020-06-01
    modified2020-06-02
    plugin id66052
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66052
    titleMandriva Linux Security Advisory : freeradius (MDVSA-2013:038)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201311-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201311-09 (FreeRADIUS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeRADIUS. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70869
    published2013-11-13
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70869
    titleGLSA-201311-09 : FreeRADIUS: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-15397.NASL
    descriptionThis updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow by processing This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-10-23
    plugin id62655
    published2012-10-23
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62655
    titleFedora 17 : freeradius-2.2.0-0.fc17 (2012-15397)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-15342.NASL
    descriptionThis updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-10-24
    plugin id62668
    published2012-10-24
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62668
    titleFedora 18 : freeradius-2.2.0-0.fc18 (2012-15342)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-15743.NASL
    descriptionThis updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-10-18
    plugin id62603
    published2012-10-18
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62603
    titleFedora 16 : freeradius-2.2.0-0.fc16 (2012-15743)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121002_FREERADIUS2_ON_SL5_X.NASL
    descriptionFreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-03-18
    modified2012-10-04
    plugin id62426
    published2012-10-04
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62426
    titleScientific Linux Security Update : freeradius2 on SL5.x i386/x86_64 (20121002)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1326.NASL
    descriptionUpdated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id62395
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62395
    titleCentOS 6 : freeradius (CESA-2012:1326)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2546.NASL
    descriptionTimo Warns discovered that the EAP-TLS handling of FreeRADIUS, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.
    last seen2020-03-17
    modified2012-09-12
    plugin id62049
    published2012-09-12
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62049
    titleDebian DSA-2546-1 : freeradius - stack-based buffer overflows
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1326.NASL
    descriptionFrom Red Hat Security Advisory 2012:1326 : Updated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id68633
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68633
    titleOracle Linux 6 : freeradius (ELSA-2012-1326)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-616.NASL
    descriptionThis update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code.
    last seen2020-06-05
    modified2014-06-13
    plugin id74758
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74758
    titleopenSUSE Security Update : freeradius (openSUSE-SU-2012:1200-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20121002_FREERADIUS_ON_SL6_X.NASL
    descriptionFreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-03-18
    modified2012-10-04
    plugin id62427
    published2012-10-04
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62427
    titleScientific Linux Security Update : freeradius on SL6.x i386/x86_64 (20121002)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1326.NASL
    descriptionUpdated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client certificates. A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP). (CVE-2012-3547) Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue. Users of FreeRADIUS are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, radiusd will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id62406
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62406
    titleRHEL 6 : freeradius (RHSA-2012:1326)

Redhat

advisories
  • bugzilla
    id852752
    titleCVE-2012-3547 freeradius: stack-based buffer overflow via long expiration date fields in client X509 certificates
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentfreeradius-postgresql is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326001
          • commentfreeradius-postgresql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881008
        • AND
          • commentfreeradius-perl is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326003
          • commentfreeradius-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881002
        • AND
          • commentfreeradius-ldap is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326005
          • commentfreeradius-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881014
        • AND
          • commentfreeradius-mysql is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326007
          • commentfreeradius-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881016
        • AND
          • commentfreeradius-utils is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326009
          • commentfreeradius-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881004
        • AND
          • commentfreeradius-unixODBC is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326011
          • commentfreeradius-unixODBC is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881006
        • AND
          • commentfreeradius-python is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326013
          • commentfreeradius-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881012
        • AND
          • commentfreeradius-krb5 is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326015
          • commentfreeradius-krb5 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881010
        • AND
          • commentfreeradius is earlier than 0:2.1.12-4.el6_3
            ovaloval:com.redhat.rhsa:tst:20121326017
          • commentfreeradius is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881018
    rhsa
    idRHSA-2012:1326
    released2012-10-02
    severityModerate
    titleRHSA-2012:1326: freeradius security update (Moderate)
  • bugzilla
    id852752
    titleCVE-2012-3547 freeradius: stack-based buffer overflow via long expiration date fields in client X509 certificates
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentfreeradius2-postgresql is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327001
          • commentfreeradius2-postgresql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327002
        • AND
          • commentfreeradius2-utils is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327003
          • commentfreeradius2-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327004
        • AND
          • commentfreeradius2-perl is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327005
          • commentfreeradius2-perl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327006
        • AND
          • commentfreeradius2-unixODBC is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327007
          • commentfreeradius2-unixODBC is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327008
        • AND
          • commentfreeradius2-ldap is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327009
          • commentfreeradius2-ldap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327010
        • AND
          • commentfreeradius2-krb5 is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327011
          • commentfreeradius2-krb5 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327012
        • AND
          • commentfreeradius2-mysql is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327013
          • commentfreeradius2-mysql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327014
        • AND
          • commentfreeradius2-python is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327015
          • commentfreeradius2-python is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327016
        • AND
          • commentfreeradius2 is earlier than 0:2.1.12-4.el5_8
            ovaloval:com.redhat.rhsa:tst:20121327017
          • commentfreeradius2 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327018
    rhsa
    idRHSA-2012:1327
    released2012-10-02
    severityModerate
    titleRHSA-2012:1327: freeradius2 security update (Moderate)
rpms
  • freeradius-0:2.1.12-4.el6_3
  • freeradius-debuginfo-0:2.1.12-4.el6_3
  • freeradius-krb5-0:2.1.12-4.el6_3
  • freeradius-ldap-0:2.1.12-4.el6_3
  • freeradius-mysql-0:2.1.12-4.el6_3
  • freeradius-perl-0:2.1.12-4.el6_3
  • freeradius-postgresql-0:2.1.12-4.el6_3
  • freeradius-python-0:2.1.12-4.el6_3
  • freeradius-unixODBC-0:2.1.12-4.el6_3
  • freeradius-utils-0:2.1.12-4.el6_3
  • freeradius2-0:2.1.12-4.el5_8
  • freeradius2-debuginfo-0:2.1.12-4.el5_8
  • freeradius2-krb5-0:2.1.12-4.el5_8
  • freeradius2-ldap-0:2.1.12-4.el5_8
  • freeradius2-mysql-0:2.1.12-4.el5_8
  • freeradius2-perl-0:2.1.12-4.el5_8
  • freeradius2-postgresql-0:2.1.12-4.el5_8
  • freeradius2-python-0:2.1.12-4.el5_8
  • freeradius2-unixODBC-0:2.1.12-4.el5_8
  • freeradius2-utils-0:2.1.12-4.el5_8