Mandriva Update For Freeradius MDVSA-2012:047 (freeradius) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in freeradius: The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate (CVE-2011-2701). The updated packages have been patched to correct this issue.

Affected

freeradius on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2011-2701

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:213 (wxgtk)
Mandrake Security Advisory MDVSA-2009:007 (ntp)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:102 (apache)
Mandrake Security Advisory MDVSA-2009:063 (eog)

Mandriva Update for freeradius MDVSA-2012:047 (freeradius)

Take action and discover your vulnerabilities