freeradius: code execution

Package(s): freeradius
CVE #(s): CVE-2012-3547
Created: September 12, 2012
Updated: January 14, 2013
Description: From the Debian advisory:

Timo Warns discovered that the EAP-TLS handling of freeradius, a high-performance and highly configurable RADIUS server, is not properly performing length checks on user-supplied input before copying to a local stack buffer. As a result, an unauthenticated attacker can exploit this flaw to crash the daemon or execute arbitrary code via crafted certificates.

Alerts:
Debian DSA-2546-1 2012-09-11
openSUSE openSUSE-SU-2012:1200-1 2012-09-18
Ubuntu USN-1585-1 2012-09-26
Red Hat RHSA-2012:1326-01 2012-10-02
Red Hat RHSA-2012:1327-01 2012-10-02
Scientific Linux SL-free-20121003 2012-10-03
Oracle ELSA-2012-1326 2012-10-02
CentOS CESA-2012:1327 2012-10-03
CentOS CESA-2012:1326 2012-10-03
Mandriva MDVSA-2012:159 2012-10-03
Scientific Linux SL-free-20121003 2012-10-03
Oracle ELSA-2012-1327 2012-10-03
Fedora FEDORA-2012-15743 2012-10-18
Fedora FEDORA-2012-15397 2012-10-23
Mageia MGASA-2012-0304 2012-10-29
Oracle ELSA-2013-0134 2013-01-12
Mandriva MDVSA-2013:038 2013-04-05

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.