FreeRADIUS vulnerability

2012-09-2600:00:00

ubuntu.com

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.063 Low

EPSS

Percentile

93.5%

JSON

Releases

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04

Packages

freeradius - a high-performance and highly configurable RADIUS server

Details

Timo Warns discovered that FreeRADIUS incorrectly handled certain long
timestamps in client certificates. A remote attacker could exploit this
flaw and cause the FreeRADIUS server to crash, resulting in a denial of
service, or possibly execute arbitrary code.

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchfreeradius< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-dbg< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-iodbc< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-krb5< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-ldap< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-mysql< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-postgresql< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchfreeradius-utils< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibfreeradius-dev< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN
Ubuntu12.04noarchlibfreeradius2< 2.1.10+dfsg-3ubuntu0.12.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	12.04	noarch	freeradius	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-dbg	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-iodbc	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-krb5	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-ldap	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-mysql	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-postgresql	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	freeradius-utils	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	libfreeradius-dev	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN
Ubuntu	12.04	noarch	libfreeradius2	< 2.1.10+dfsg-3ubuntu0.12.04.1	UNKNOWN