Mandriva Update For Freeradius MDVSA-2012:159 (freeradius) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in freeradius: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547). The updated packages have been patched to correct this issue.

Affected

freeradius on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-3547

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:069 (curl)
Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:010 (qemu)
Mandrake Security Advisory MDVSA-2009:017 (kdebase)
Mandrake Security Advisory MDVSA-2009:176 (git)

Mandriva Update for freeradius MDVSA-2012:159 (freeradius)

Take action and discover your vulnerabilities