Computer Security


FreeRADIUS buffer overflow
Published: 18.09.2012
Source:
SecurityVulns ID: 12585
Type: remote
Threat Level: 6/10
Description: Buffer overflow on EAP-TLS processing.
Affected: FREERADIUS : FreeRADIUS 2.1
CVE: CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.)
Original document: Timo Warns, [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods (18.09.2012)
 DEBIAN, [SECURITY] [DSA 2546-1] freeradius security update (18.09.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod