Lucene search
Ubuntu.comUB:CVE-2012-3547HistorySep 18, 2012 - 12:00 a.m.
CVE-2012-3547
2012-09-1800:00:00
ubuntu.com
ubuntu.com
5
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.063 Low
EPSS
Percentile
93.5%
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
attackers to cause a denial of service (server crash) and possibly execute
arbitrary code via a long “not after” timestamp in a client certificate.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687175>
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3547>
Notes
| Author | Note |
|---|---|
| sbeattie | possibly mitigated by -fstack-protector upstream report claims 2.1.10-2.1.12 are only affected |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 11.04 | noarch | freeradius | < 2.1.10+dfsg-2ubuntu2.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | freeradius | < 2.1.10+dfsg-3ubuntu0.11.10.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | freeradius | < 2.1.10+dfsg-3ubuntu0.12.04.1 | UNKNOWN |
Related
openvas
openvas
Mandriva Update for freeradius MDVSA-2012:159 (freeradius)
2012-10-05 00:00:00
RedHat Update for freeradius2 RHSA-2012:1327-01
2012-10-03 00:00:00
CentOS Update for freeradius2 CESA-2012:1327 centos5
2012-10-03 00:00:00
nessus
nessus
Oracle Linux 5 : freeradius2 (ELSA-2012-1327)
2013-07-12 00:00:00
Mandriva Linux Security Advisory : freeradius (MDVSA-2012:159)
2012-10-04 00:00:00
openSUSE Security Update : freeradius (openSUSE-SU-2012:1200-1)
2014-06-13 00:00:00
suse
suse
freeradius: fix stack overflow in TLS handling (important)
2012-09-18 11:08:34
amazon
amazon
Medium: freeradius
2012-10-08 10:40:00
debian
debian
[SECURITY] [DSA 2546-1] freeradius security update
2012-09-11 18:38:27
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:58:21
redhat
redhat
(RHSA-2012:1327) Moderate: freeradius2 security update
2012-10-02 00:00:00
(RHSA-2012:1326) Moderate: freeradius security update
2012-10-02 00:00:00
securityvulns
securityvulns
FreeRADIUS buffer overflow
2012-09-18 00:00:00
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
2012-09-18 00:00:00
[SECURITY] [DSA 2546-1] freeradius security update
2012-09-18 00:00:00
cve
cve
CVE-2012-3547
2012-09-18 17:55:00
oraclelinux
oraclelinux
freeradius2 security update
2012-10-02 00:00:00
freeradius security update
2012-10-02 00:00:00
freeradius2 security and bug fix update
2013-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: freeradius-2.2.0-0.fc16
2012-10-18 00:21:31
[SECURITY] Fedora 18 Update: freeradius-2.2.0-0.fc18
2012-10-23 08:45:12
[SECURITY] Fedora 17 Update: freeradius-2.2.0-0.fc17
2012-10-23 01:50:38
freebsd
freebsd
freeradius -- arbitrary code execution for TLS-based authentication
2012-09-10 00:00:00
ubuntu
ubuntu
FreeRADIUS vulnerability
2012-09-26 00:00:00
centos
centos
freeradius2 security update
2012-10-03 01:47:30
freeradius security update
2012-10-03 03:29:55
checkpoint_advisories
checkpoint_advisories
altlinux
altlinux
debiancve
debiancve
CVE-2012-3547
2012-09-18 17:55:00
prion
prion
Stack overflow
2012-09-18 17:55:00
gentoo
gentoo
FreeRADIUS: Multiple vulnerabilities
2013-11-13 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.063 Low
EPSS
Percentile
93.5%
Related for UB:CVE-2012-3547