CVE-2012-3547

Priority
Medium
Description
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
attackers to cause a denial of service (server crash) and possibly execute
arbitrary code via a long "not after" timestamp in a client certificate.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547
http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt
http://seclists.org/fulldisclosure/2012/Sep/83
http://www.ubuntu.com/usn/usn-1585-1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687175
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3547
Notes
sbeattie> possibly mitigated by -fstack-protector
sbeattie> upstream report claims 2.1.10-2.1.12 are only affected
Assigned-to
mdeslaur
Package
Source: freeradius (LP Ubuntu Debian)
Upstream:released (2.2.0)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 11.04 (Natty Narwhal):released (2.1.10+dfsg-2ubuntu2.1)
Ubuntu 11.10 (Oneiric Ocelot):released (2.1.10+dfsg-3ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.1.10+dfsg-3ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (2.1.12+dfsg-1.1)
Patches:
Upstream:https://github.com/alandekok/freeradius-server/commit/78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4
More Information

Valid XHTML 1.0 Strict

Updated: 2012-09-26 15:14:27 UTC (commit 5820)