6.8 - MDVSA-2012:159

Executive Summary

Informations
Name	MDVSA-2012:159	First vendor Publication	2012-10-03
Vendor	Mandriva	Last vendor Modification	2012-10-03
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in freeradius:

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:159

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17822

Oval ID:	oval:org.mitre.oval:def:17822
Title:	USN-1585-1 -- freeradius vulnerability
Description:	FreeRADIUS could be made to crash or run programs if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-1585-1 CVE-2012-3547	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04	Product(s):	freeradius
Definition Synopsis:
Release section Ubuntu 12.04 is installed AND freeradius DPKG is earlier than 2.1.10+dfsg-3ubuntu0.12.04.1 AND Release section Ubuntu 11.10 is installed AND freeradius DPKG is earlier than 2.1.10+dfsg-3ubuntu0.11.10.1 AND Release section Ubuntu 11.04 is installed AND freeradius DPKG is earlier than 2.1.10+dfsg-2ubuntu2.1

Definition Id: oval:org.mitre.oval:def:18422

Oval ID:	oval:org.mitre.oval:def:18422
Title:	DSA-2546-1 freeradius - code execution
Description:	Timo Warns discovered that the EAP-TLS handling of FreeRADIUS, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.
Family:	unix	Class:	patch
Reference(s):	DSA-2546-1 CVE-2012-3547	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	freeradius
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND freeradius DPKG is earlier than 2.1.10+dfsg-2+squeeze1

Definition Id: oval:org.mitre.oval:def:21299

Oval ID:	oval:org.mitre.oval:def:21299
Title:	RHSA-2012:1327: freeradius2 security update (Moderate)
Description:	Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1327-00 CESA-2012:1327 CVE-2012-3547	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	freeradius2
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section freeradius2-python is earlier than 0:2.1.12-4.el5_8 AND freeradius2-unixODBC is earlier than 0:2.1.12-4.el5_8 AND freeradius2-krb5 is earlier than 0:2.1.12-4.el5_8 AND freeradius2 is earlier than 0:2.1.12-4.el5_8 AND freeradius2-perl is earlier than 0:2.1.12-4.el5_8 AND freeradius2-ldap is earlier than 0:2.1.12-4.el5_8 AND freeradius2-mysql is earlier than 0:2.1.12-4.el5_8 AND freeradius2-postgresql is earlier than 0:2.1.12-4.el5_8 AND freeradius2-utils is earlier than 0:2.1.12-4.el5_8

Definition Id: oval:org.mitre.oval:def:21574

Oval ID:	oval:org.mitre.oval:def:21574
Title:	RHSA-2012:1326: freeradius security update (Moderate)
Description:	Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1326-01 CESA-2012:1326 CVE-2012-3547	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	freeradius
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section freeradius-mysql is earlier than 0:2.1.12-4.el6_3 AND freeradius-perl is earlier than 0:2.1.12-4.el6_3 AND freeradius-unixODBC is earlier than 0:2.1.12-4.el6_3 AND freeradius-krb5 is earlier than 0:2.1.12-4.el6_3 AND freeradius-python is earlier than 0:2.1.12-4.el6_3 AND freeradius-utils is earlier than 0:2.1.12-4.el6_3 AND freeradius-ldap is earlier than 0:2.1.12-4.el6_3 AND freeradius-postgresql is earlier than 0:2.1.12-4.el6_3 AND freeradius is earlier than 0:2.1.12-4.el6_3

Definition Id: oval:org.mitre.oval:def:23265

Oval ID:	oval:org.mitre.oval:def:23265
Title:	ELSA-2012:1327: freeradius2 security update (Moderate)
Description:	Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1327-00 CVE-2012-3547	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	freeradius2
Definition Synopsis:
Oracle Linux 5.x rpm test freeradius2-python is earlier than 0:2.1.12-4.el5_8 AND freeradius2-unixODBC is earlier than 0:2.1.12-4.el5_8 AND freeradius2-krb5 is earlier than 0:2.1.12-4.el5_8 AND freeradius2 is earlier than 0:2.1.12-4.el5_8 AND freeradius2-perl is earlier than 0:2.1.12-4.el5_8 AND freeradius2-ldap is earlier than 0:2.1.12-4.el5_8 AND freeradius2-mysql is earlier than 0:2.1.12-4.el5_8 AND freeradius2-postgresql is earlier than 0:2.1.12-4.el5_8 AND freeradius2-utils is earlier than 0:2.1.12-4.el5_8

Definition Id: oval:org.mitre.oval:def:23865

Oval ID:	oval:org.mitre.oval:def:23865
Title:	ELSA-2012:1326: freeradius security update (Moderate)
Description:	Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1326-01 CVE-2012-3547	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	freeradius
Definition Synopsis:
Oracle Linux 6.x rpm test freeradius-mysql is earlier than 0:2.1.12-4.el6_3 AND freeradius-perl is earlier than 0:2.1.12-4.el6_3 AND freeradius-unixODBC is earlier than 0:2.1.12-4.el6_3 AND freeradius-krb5 is earlier than 0:2.1.12-4.el6_3 AND freeradius-python is earlier than 0:2.1.12-4.el6_3 AND freeradius-utils is earlier than 0:2.1.12-4.el6_3 AND freeradius-ldap is earlier than 0:2.1.12-4.el6_3 AND freeradius-postgresql is earlier than 0:2.1.12-4.el6_3 AND freeradius is earlier than 0:2.1.12-4.el6_3

Definition Id: oval:org.mitre.oval:def:27626

Oval ID:	oval:org.mitre.oval:def:27626
Title:	DEPRECATED: ELSA-2012-1326 -- freeradius security update (moderate)
Description:	[2.1.12-4] - resolves: bug#855316 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1326 CVE-2012-3547	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	freeradius
Definition Synopsis:
Oracle Linux 6.x Packages match section freeradius is earlier than 0:2.1.12-4.el6_3 AND freeradius-krb5 is earlier than 0:2.1.12-4.el6_3 AND freeradius-ldap is earlier than 0:2.1.12-4.el6_3 AND freeradius-mysql is earlier than 0:2.1.12-4.el6_3 AND freeradius-perl is earlier than 0:2.1.12-4.el6_3 AND freeradius-postgresql is earlier than 0:2.1.12-4.el6_3 AND freeradius-python is earlier than 0:2.1.12-4.el6_3 AND freeradius-unixODBC is earlier than 0:2.1.12-4.el6_3 AND freeradius-utils is earlier than 0:2.1.12-4.el6_3

Definition Id: oval:org.mitre.oval:def:27691

Oval ID:	oval:org.mitre.oval:def:27691
Title:	DEPRECATED: ELSA-2012-1327 -- freeradius2 security update (moderate)
Description:	[2.1.12-4] - resolves: bug#855315 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1327 CVE-2012-3547	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	freeradius2
Definition Synopsis:
Oracle Linux 5.x Packages match section freeradius2 is earlier than 0:2.1.12-4.el5_8 AND freeradius2-krb5 is earlier than 0:2.1.12-4.el5_8 AND freeradius2-ldap is earlier than 0:2.1.12-4.el5_8 AND freeradius2-mysql is earlier than 0:2.1.12-4.el5_8 AND freeradius2-perl is earlier than 0:2.1.12-4.el5_8 AND freeradius2-postgresql is earlier than 0:2.1.12-4.el5_8 AND freeradius2-python is earlier than 0:2.1.12-4.el5_8 AND freeradius2-unixODBC is earlier than 0:2.1.12-4.el5_8 AND freeradius2-utils is earlier than 0:2.1.12-4.el5_8

CPE : Common Platform Enumeration

Type	Description	Count
Application	Freeradius cpe:2.3:a:freeradius:freeradius:2.1.12:::::::* cpe:2.3:a:freeradius:freeradius:2.1.11:::::::* cpe:2.3:a:freeradius:freeradius:2.1.10:::::::*	3

OpenVAS Exploits

Date	Description
2012-12-13	Name : SuSE Update for freeradius openSUSE-SU-2012:1200-1 (freeradius) File : nvt/gb_suse_2012_1200_1.nasl
2012-10-23	Name : Fedora Update for freeradius FEDORA-2012-15397 File : nvt/gb_fedora_2012_15397_freeradius_fc17.nasl
2012-10-19	Name : Fedora Update for freeradius FEDORA-2012-15743 File : nvt/gb_fedora_2012_15743_freeradius_fc16.nasl
2012-10-05	Name : Mandriva Update for freeradius MDVSA-2012:159 (freeradius) File : nvt/gb_mandriva_MDVSA_2012_159.nasl
2012-10-03	Name : CentOS Update for freeradius CESA-2012:1326 centos6 File : nvt/gb_CESA-2012_1326_freeradius_centos6.nasl
2012-10-03	Name : CentOS Update for freeradius2 CESA-2012:1327 centos5 File : nvt/gb_CESA-2012_1327_freeradius2_centos5.nasl
2012-10-03	Name : RedHat Update for freeradius RHSA-2012:1326-01 File : nvt/gb_RHSA-2012_1326-01_freeradius.nasl
2012-10-03	Name : RedHat Update for freeradius2 RHSA-2012:1327-01 File : nvt/gb_RHSA-2012_1327-01_freeradius2.nasl
2012-09-27	Name : Ubuntu Update for freeradius USN-1585-1 File : nvt/gb_ubuntu_USN_1585_1.nasl
2012-09-15	Name : Debian Security Advisory DSA 2546-1 (freeradius) File : nvt/deb_2546_1.nasl
2012-09-15	Name : FreeBSD Ports: freeradius File : nvt/freebsd_freeradius6.nasl

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-616.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-09.nasl - Type : ACT_GATHER_INFO
2013-10-24	Name : The remote host is missing a security update for OS X Server. File : macosx_server_3_0.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-131.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1327.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1326.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-038.nasl - Type : ACT_GATHER_INFO
2012-10-24	Name : The remote Fedora host is missing a security update. File : fedora_2012-15342.nasl - Type : ACT_GATHER_INFO
2012-10-23	Name : The remote Fedora host is missing a security update. File : fedora_2012-15397.nasl - Type : ACT_GATHER_INFO
2012-10-18	Name : The remote Fedora host is missing a security update. File : fedora_2012-15743.nasl - Type : ACT_GATHER_INFO
2012-10-04	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-159.nasl - Type : ACT_GATHER_INFO
2012-10-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121002_freeradius_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-10-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121002_freeradius2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-10-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1326.nasl - Type : ACT_GATHER_INFO
2012-10-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1327.nasl - Type : ACT_GATHER_INFO
2012-10-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1327.nasl - Type : ACT_GATHER_INFO
2012-10-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1326.nasl - Type : ACT_GATHER_INFO
2012-09-27	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1585-1.nasl - Type : ACT_GATHER_INFO
2012-09-12	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_3bbbe3aafbeb11e18bd80022156e8794.nasl - Type : ACT_GATHER_INFO
2012-09-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2546.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:43:12	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	8
CPE ID(s)	3
Openvas Exploit(s)	11
Nessus® Exploit(s)	20

	Related
6.8	CVE-2012-3547
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - MDVSA-2012:159

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU