LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:047: freeradius Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in freeradius: The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:047
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freeradius
 Date    : April 2, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in freeradius:
 
 The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11,
 when OCSP is enabled, does not properly parse replies from OCSP
 responders, which allows remote attackers to bypass authentication
 by using the EAP-TLS protocol with a revoked X.509 client certificate
 (CVE-2011-2701).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2701
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 9592998224d1dd4546383ceb570d3604  2011/i586/freeradius-2.1.11-1.1-mdv2011.0.i586.rpm
 c7ec70f99705f8791c08c7912455e720  2011/i586/freeradius-krb5-2.1.11-1.1-mdv2011.0.i586.rpm
 ce2c6c629cc39a2f99c5b2d1abc29d9f  2011/i586/freeradius-ldap-2.1.11-1.1-mdv2011.0.i586.rpm
 b5cec8d58961e87db88b3aa66c2c6df9  2011/i586/freeradius-mysql-2.1.11-1.1-mdv2011.0.i586.rpm
 363cbe053c0543f9347039c8706df1c3  2011/i586/freeradius-postgresql-2.1.11-1.1-mdv2011.0.i586.rpm
 c826e248100cf3d35b74020865762645  2011/i586/freeradius-sqlite-2.1.11-1.1-mdv2011.0.i586.rpm
 7f07e2059fa79f504188253afdd77f78  2011/i586/freeradius-unixODBC-2.1.11-1.1-mdv2011.0.i586.rpm
 7d8dbb6ef93d6cb29558f66d71083943  2011/i586/freeradius-web-2.1.11-1.1-mdv2011.0.i586.rpm
 21426a8a40d24ba90242d3ce5e0b113b  2011/i586/libfreeradius1-2.1.11-1.1-mdv2011.0.i586.rpm
 304f8ba5960f970b944369de8f842cdd  2011/i586/libfreeradius-devel-2.1.11-1.1-mdv2011.0.i586.rpm 
 2600944fccf85291c36e3da0c890d94e  2011/SRPMS/freeradius-2.1.11-1.1.src.rpm

 Mandriva Linux 2011/X86_64:
 49669a354bf8a8a6427c0bfe81b34c0c  2011/x86_64/freeradius-2.1.11-1.1-mdv2011.0.x86_64.rpm
 6d47286995039b37481e1281728a48bf  2011/x86_64/freeradius-krb5-2.1.11-1.1-mdv2011.0.x86_64.rpm
 90e7fa1c475b9ef529b699ed2398e70a  2011/x86_64/freeradius-ldap-2.1.11-1.1-mdv2011.0.x86_64.rpm
 c63a69dc4d33bd93b770a0bbcaf244aa  2011/x86_64/freeradius-mysql-2.1.11-1.1-mdv2011.0.x86_64.rpm
 38e7261e1efa0bcba37d639de9e8fed7  2011/x86_64/freeradius-postgresql-2.1.11-1.1-mdv2011.0.x86_64.rpm
 f616bf3ee830937f0cc38796616b76c5  2011/x86_64/freeradius-sqlite-2.1.11-1.1-mdv2011.0.x86_64.rpm
 9ede61aed21b46ec642b424265c247fc  2011/x86_64/freeradius-unixODBC-2.1.11-1.1-mdv2011.0.x86_64.rpm
 a7fa64a62adb65f72ea3052a7b2795ac  2011/x86_64/freeradius-web-2.1.11-1.1-mdv2011.0.x86_64.rpm
 6db99dc40f74f94c6d48931453ce27f6  2011/x86_64/lib64freeradius1-2.1.11-1.1-mdv2011.0.x86_64.rpm
 4a7846bb6261b07a4430cb12a5b67ec7  2011/x86_64/lib64freeradius-devel-2.1.11-1.1-mdv2011.0.x86_64.rpm 
 2600944fccf85291c36e3da0c890d94e  2011/SRPMS/freeradius-2.1.11-1.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.