Mandriva Linux Security Advisory 2012-047

Mandriva Linux Security Advisory 2012-047: Posted Apr 2, 2012; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2012-047 - The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. The updated packages have been patched to correct this issue.; tags | advisory, remote, protocol; systems | linux, mandriva; advisories | CVE-2011-2701; SHA-256 | 993d182b26662e6aa300645b83f0d7ecd09a0a5eab170d2d1d2c3096abf64879; Download | Favorite | View

Mandriva Linux Security Advisory 2012-047

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:047
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : freeradius
 Date    : April 2, 2012
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in freeradius:
 
 The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11,
 when OCSP is enabled, does not properly parse replies from OCSP
 responders, which allows remote attackers to bypass authentication
 by using the EAP-TLS protocol with a revoked X.509 client certificate
 (CVE-2011-2701).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2701
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 9592998224d1dd4546383ceb570d3604  2011/i586/freeradius-2.1.11-1.1-mdv2011.0.i586.rpm
 c7ec70f99705f8791c08c7912455e720  2011/i586/freeradius-krb5-2.1.11-1.1-mdv2011.0.i586.rpm
 ce2c6c629cc39a2f99c5b2d1abc29d9f  2011/i586/freeradius-ldap-2.1.11-1.1-mdv2011.0.i586.rpm
 b5cec8d58961e87db88b3aa66c2c6df9  2011/i586/freeradius-mysql-2.1.11-1.1-mdv2011.0.i586.rpm
 363cbe053c0543f9347039c8706df1c3  2011/i586/freeradius-postgresql-2.1.11-1.1-mdv2011.0.i586.rpm
 c826e248100cf3d35b74020865762645  2011/i586/freeradius-sqlite-2.1.11-1.1-mdv2011.0.i586.rpm
 7f07e2059fa79f504188253afdd77f78  2011/i586/freeradius-unixODBC-2.1.11-1.1-mdv2011.0.i586.rpm
 7d8dbb6ef93d6cb29558f66d71083943  2011/i586/freeradius-web-2.1.11-1.1-mdv2011.0.i586.rpm
 21426a8a40d24ba90242d3ce5e0b113b  2011/i586/libfreeradius1-2.1.11-1.1-mdv2011.0.i586.rpm
 304f8ba5960f970b944369de8f842cdd  2011/i586/libfreeradius-devel-2.1.11-1.1-mdv2011.0.i586.rpm 
 2600944fccf85291c36e3da0c890d94e  2011/SRPMS/freeradius-2.1.11-1.1.src.rpm

 Mandriva Linux 2011/X86_64:
 49669a354bf8a8a6427c0bfe81b34c0c  2011/x86_64/freeradius-2.1.11-1.1-mdv2011.0.x86_64.rpm
 6d47286995039b37481e1281728a48bf  2011/x86_64/freeradius-krb5-2.1.11-1.1-mdv2011.0.x86_64.rpm
 90e7fa1c475b9ef529b699ed2398e70a  2011/x86_64/freeradius-ldap-2.1.11-1.1-mdv2011.0.x86_64.rpm
 c63a69dc4d33bd93b770a0bbcaf244aa  2011/x86_64/freeradius-mysql-2.1.11-1.1-mdv2011.0.x86_64.rpm
 38e7261e1efa0bcba37d639de9e8fed7  2011/x86_64/freeradius-postgresql-2.1.11-1.1-mdv2011.0.x86_64.rpm
 f616bf3ee830937f0cc38796616b76c5  2011/x86_64/freeradius-sqlite-2.1.11-1.1-mdv2011.0.x86_64.rpm
 9ede61aed21b46ec642b424265c247fc  2011/x86_64/freeradius-unixODBC-2.1.11-1.1-mdv2011.0.x86_64.rpm
 a7fa64a62adb65f72ea3052a7b2795ac  2011/x86_64/freeradius-web-2.1.11-1.1-mdv2011.0.x86_64.rpm
 6db99dc40f74f94c6d48931453ce27f6  2011/x86_64/lib64freeradius1-2.1.11-1.1-mdv2011.0.x86_64.rpm
 4a7846bb6261b07a4430cb12a5b67ec7  2011/x86_64/lib64freeradius-devel-2.1.11-1.1-mdv2011.0.x86_64.rpm 
 2600944fccf85291c36e3da0c890d94e  2011/SRPMS/freeradius-2.1.11-1.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPeUYPmqjQ0CJFipgRAgkHAKDaoiL7/ihAA3bufPy+vys89WY0mQCdHZ9t
BolUuQnx/+8zAiGhNt87zsA=
=FZSY
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 285 files
Ubuntu 67 files
Debian 24 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 7 files
Milad Karimi 5 files
Google Security Research 4 files
tmrswrr 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

Mandriva Linux Security Advisory 2012-047

Mandriva Linux Security Advisory 2012-047

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mandriva Linux Security Advisory 2012-047

Share This

Mandriva Linux Security Advisory 2012-047

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems