Published: 18/09/2012 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 up to and including 2.1.12, when using TLS-based EAP methods, allows remote malicious users to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freeradius freeradius 2.1.10
freeradius freeradius 2.1.12
freeradius freeradius 2.1.11

Debian Bug report logs - #687175 freeradius: CVE-2012-3547 stack-based buffer overflow in EAP-TLS handling Package: freeradius; Maintainer for freeradius is Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers@listsaliothdebianorg>; Source for freeradius is src:freeradius (PTS, buildd, popcon) Reported by: Nico Go ...

FreeRADIUS could be made to crash or run programs if it received specially crafted network traffic ...

Synopsis Moderate: freeradius security update Type/Severity Security Advisory: Moderate Topic Updated freeradius packages that fix one security issue are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerabi ...

Synopsis Moderate: freeradius2 security update Type/Severity Security Advisory: Moderate Topic Updated freeradius2 packages that fix one security issue are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnera ...

A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X509 client certificates A remote attacker could possibly use this flaw to crash radiusd if it were configured to use the certificate or TLS tunnelled authentication methods (such as EAP-TLS, EAP-TTLS, and PEAP) (CVE-2012-3547) ...

CWE-119 http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html http://secunia.com/advisories/50584 http://freeradius.org/security.html http://www.openwall.com/lists/oss-security/2012/09/10/2 http://www.debian.org/security/2012/dsa-2546 http://www.securitytracker.com/id?1027509 http://www.securityfocus.com/bid/55483 http://secunia.com/advisories/50484 http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt http://osvdb.org/85325 http://www.ubuntu.com/usn/USN-1585-1 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2012-1327.html http://rhn.redhat.com/errata/RHSA-2012-1326.html http://secunia.com/advisories/50637 http://secunia.com/advisories/50770 http://www.mandriva.com/security/advisories?name=MDVSA-2012:159 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html https://exchange.xforce.ibmcloud.com/vulnerabilities/78408 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687175 https://usn.ubuntu.com/1585-1/https://nvd.nist.gov

CVE-2012-3547

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect