Executive Summary

Informations
Name MDVSA-2013:038 First vendor Publication 2013-04-05
Vendor Mandriva Last vendor Modification 2013-04-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated freeradius packages fixes security vulnerabilities:

It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied (CVE-2011-4966).

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:038

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-255 Credentials Management
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17822
 
Oval ID: oval:org.mitre.oval:def:17822
Title: USN-1585-1 -- freeradius vulnerability
Description: FreeRADIUS could be made to crash or run programs if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1585-1
CVE-2012-3547
 Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18422
 
Oval ID: oval:org.mitre.oval:def:18422
Title: DSA-2546-1 freeradius - code execution
Description: Timo Warns discovered that the EAP-TLS handling of FreeRADIUS, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.
Family: unix Class: patch
Reference(s): DSA-2546-1
CVE-2012-3547
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20824
 
Oval ID: oval:org.mitre.oval:def:20824
Title: RHSA-2013:0134: freeradius2 security and bug fix update (Low)
Description: modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Family: unix Class: patch
Reference(s): RHSA-2013:0134-00
CESA-2013:0134
CVE-2011-4966
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): freeradius2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21299
 
Oval ID: oval:org.mitre.oval:def:21299
Title: RHSA-2012:1327: freeradius2 security update (Moderate)
Description: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family: unix Class: patch
Reference(s): RHSA-2012:1327-00
CESA-2012:1327
CVE-2012-3547
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): freeradius2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21574
 
Oval ID: oval:org.mitre.oval:def:21574
Title: RHSA-2012:1326: freeradius security update (Moderate)
Description: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family: unix Class: patch
Reference(s): RHSA-2012:1326-01
CESA-2012:1326
CVE-2012-3547
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23215
 
Oval ID: oval:org.mitre.oval:def:23215
Title: ELSA-2013:0134: freeradius2 security and bug fix update (Low)
Description: modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Family: unix Class: patch
Reference(s): ELSA-2013:0134-00
CVE-2011-4966
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): freeradius2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23265
 
Oval ID: oval:org.mitre.oval:def:23265
Title: ELSA-2012:1327: freeradius2 security update (Moderate)
Description: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family: unix Class: patch
Reference(s): ELSA-2012:1327-00
CVE-2012-3547
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): freeradius2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23865
 
Oval ID: oval:org.mitre.oval:def:23865
Title: ELSA-2012:1326: freeradius security update (Moderate)
Description: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Family: unix Class: patch
Reference(s): ELSA-2012:1326-01
CVE-2012-3547
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26162
 
Oval ID: oval:org.mitre.oval:def:26162
Title: SUSE-SU-2013:0356-1 -- Security update for freeradius
Description: This update for freeradius-server provides the following fixes and improvements: * Increase the vendor IDs limit from 32767 to 65535 (bnc#791666) * Fix issues with escaping special characters in password (bnc#797515) * Respect expired passwords and accounts when using the unix module (bnc#797313, CVE-2011-4966). Security Issue reference: * CVE-2011-4966 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0356-1
CVE-2011-4966
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27139
 
Oval ID: oval:org.mitre.oval:def:27139
Title: DEPRECATED: ELSA-2013-0134 -- freeradius2 security and bug fix update (low)
Description: [2.1.12-5] - resolves: bug#855308 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation
Family: unix Class: patch
Reference(s): ELSA-2013-0134
CVE-2011-4966
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): freeradius2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27626
 
Oval ID: oval:org.mitre.oval:def:27626
Title: DEPRECATED: ELSA-2012-1326 -- freeradius security update (moderate)
Description: [2.1.12-4] - resolves: bug#855316 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation
Family: unix Class: patch
Reference(s): ELSA-2012-1326
CVE-2012-3547
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): freeradius
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27691
 
Oval ID: oval:org.mitre.oval:def:27691
Title: DEPRECATED: ELSA-2012-1327 -- freeradius2 security update (moderate)
Description: [2.1.12-4] - resolves: bug#855315 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation
Family: unix Class: patch
Reference(s): ELSA-2012-1327
CVE-2012-3547
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): freeradius2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 54

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for freeradius openSUSE-SU-2012:1200-1 (freeradius)
File : nvt/gb_suse_2012_1200_1.nasl
2012-10-23 Name : Fedora Update for freeradius FEDORA-2012-15397
File : nvt/gb_fedora_2012_15397_freeradius_fc17.nasl
2012-10-19 Name : Fedora Update for freeradius FEDORA-2012-15743
File : nvt/gb_fedora_2012_15743_freeradius_fc16.nasl
2012-10-05 Name : Mandriva Update for freeradius MDVSA-2012:159 (freeradius)
File : nvt/gb_mandriva_MDVSA_2012_159.nasl
2012-10-03 Name : CentOS Update for freeradius CESA-2012:1326 centos6
File : nvt/gb_CESA-2012_1326_freeradius_centos6.nasl
2012-10-03 Name : CentOS Update for freeradius2 CESA-2012:1327 centos5
File : nvt/gb_CESA-2012_1327_freeradius2_centos5.nasl
2012-10-03 Name : RedHat Update for freeradius RHSA-2012:1326-01
File : nvt/gb_RHSA-2012_1326-01_freeradius.nasl
2012-10-03 Name : RedHat Update for freeradius2 RHSA-2012:1327-01
File : nvt/gb_RHSA-2012_1327-01_freeradius2.nasl
2012-09-27 Name : Ubuntu Update for freeradius USN-1585-1
File : nvt/gb_ubuntu_USN_1585_1.nasl
2012-09-15 Name : Debian Security Advisory DSA 2546-1 (freeradius)
File : nvt/deb_2546_1.nasl
2012-09-15 Name : FreeBSD Ports: freeradius
File : nvt/freebsd_freeradius6.nasl

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-37.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-616.nasl - Type : ACT_GATHER_INFO
2014-02-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2122-1.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-09.nasl - Type : ACT_GATHER_INFO
2013-10-24 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_3_0.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-131.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1326.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0134.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1327.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-038.nasl - Type : ACT_GATHER_INFO
2013-02-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freeradius-server-130122.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0134.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130108_freeradius2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0134.nasl - Type : ACT_GATHER_INFO
2012-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2012-15342.nasl - Type : ACT_GATHER_INFO
2012-10-23 Name : The remote Fedora host is missing a security update.
File : fedora_2012-15397.nasl - Type : ACT_GATHER_INFO
2012-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2012-15743.nasl - Type : ACT_GATHER_INFO
2012-10-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121002_freeradius2_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-10-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121002_freeradius_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-10-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-159.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1327.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1326.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1327.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1326.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1585-1.nasl - Type : ACT_GATHER_INFO
2012-09-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2546.nasl - Type : ACT_GATHER_INFO
2012-09-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_3bbbe3aafbeb11e18bd80022156e8794.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:43:23
  • Multiple Updates
2013-04-05 17:17:20
  • First insertion