CVE-2012-3547

Priority
Description
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
attackers to cause a denial of service (server crash) and possibly execute
arbitrary code via a long "not after" timestamp in a client certificate.
Assigned-to
mdeslaur
Notes
sbeattie: possibly mitigated by -fstack-protector
upstream report claims only 2.1.10-2.1.12 are affected
Package
Upstream: released (2.2.0)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.1.12+dfsg-1.1)
Patches:
Upstream: https://github.com/alandekok/freeradius-server/commit/78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. For more details see https://wiki.ubuntu.com/Security/Features#stack-protector
More Information

Updated: 2020-09-10 02:11:23 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)