CVE-2012-3547

Priority
Medium
Description
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
attackers to cause a denial of service (server crash) and possibly execute
arbitrary code via a long "not after" timestamp in a client certificate.
References
Bugs
Notes
 sbeattie> possibly mitigated by -fstack-protector
 sbeattie> upstream report claims only 2.1.10-2.1.12 are affected
Assigned-to
mdeslaur
Package
Upstream: released (2.2.0)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.1.12+dfsg-1.1)
Patches:
Upstream: https://github.com/alandekok/freeradius-server/commit/78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4
More Information
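The bug class in the description above, as an added illustration (this is not FreeRADIUS code and not the patched cbtls_verify from the upstream commit linked under Patches): a stand-in for the length-counted ASN1_TIME "not after" value read from the peer's certificate, a pre-fix style of check that bounds the length against a limit unrelated to the destination buffer, and a hardened copy that bounds on the destination itself. The struct shape, the 64-byte buffer, the MAX_STRING_LEN value of 254 and all function names are assumptions chosen for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for OpenSSL's ASN1_TIME: a length-counted byte
 * string, not NUL-terminated, taken verbatim from the peer's certificate.
 * The peer chooses both data and length.  (Assumed shape, not OpenSSL's.) */
typedef struct {
    const unsigned char *data;
    int length;
} asn1_time_t;

/* Assumed sizes for the illustration: a general string limit the server
 * applies elsewhere, and the smaller stack buffer the expiry string is
 * copied into before it becomes an attribute value. */
#define MAX_STRING_LEN  254
#define EXPIRY_BUF_LEN  64

/* Pre-fix style of check: the length is compared against a limit that is
 * larger than the destination, so lengths between EXPIRY_BUF_LEN and
 * MAX_STRING_LEN pass and the memcpy that follows would run past the
 * 64-byte stack buffer.  Returns 1 if the (unsafe) copy would proceed. */
int unsafe_check_accepts(const asn1_time_t *t)
{
    return t != NULL && t->data != NULL && t->length < MAX_STRING_LEN;
}

/* Hardened copy: bound on the destination, leave room for the terminating
 * NUL, and reject anything that does not fit.  Returns 1 on success, 0 if
 * the value was rejected. */
int copy_not_after(const asn1_time_t *t, char *out, size_t out_len)
{
    if (t == NULL || t->data == NULL || t->length < 0 || out_len == 0) return 0;
    if ((size_t)t->length >= out_len) return 0;   /* would overflow, or no room for NUL */
    memcpy(out, t->data, (size_t)t->length);
    out[t->length] = '\0';
    return 1;
}

/* Run the hardened copy into a stack buffer of the assumed size and report
 * whether the value was accepted. */
int expiry_accepted(const unsigned char *data, int length)
{
    char buf[EXPIRY_BUF_LEN];
    asn1_time_t t = { data, length };
    return copy_not_after(&t, buf, sizeof buf);
}

/* Constructed oversized input: 200 digit bytes, well over the 64-byte
 * buffer but under MAX_STRING_LEN.  Returns 1 when the pre-fix check lets
 * it through while the hardened copy rejects it. */
int oversized_escapes_old_check(void)
{
    static unsigned char oversized[200];
    asn1_time_t t;
    memset(oversized, '9', sizeof oversized);
    t.data = oversized;
    t.length = (int)sizeof oversized;
    return unsafe_check_accepts(&t) == 1 &&
           expiry_accepted(oversized, t.length) == 0;
}

int main(void)
{
    /* Constructed normal UTCTime value, 13 bytes. */
    static const unsigned char normal[] = "120915123456Z";

    printf("normal 'not after' accepted by hardened copy: %d\n",
           expiry_accepted(normal, 13));
    printf("oversized value passes old check but is rejected by hardened copy: %d\n",
           oversized_escapes_old_check());
    return 0;
}
```

The check that matters is the one against sizeof the destination; a limit that is correct for some other buffer in the program says nothing about this one. The stack-protector note above is a mitigation for the resulting overwrite, not for the missing bound: the oversized copy still happens, the canary check only turns the write into an abort.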

Updated: 2017-12-15 20:30:00 UTC (commit 13913)