
Security: Buffer overflow in FreeRADIUS
Name: Buffer overflow in FreeRADIUS
ID: USN-1585-1
Distribution: Ubuntu
Platforms: Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Date: Wed, 26 September 2012, 19:34
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547
https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-3ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-3ubuntu0.12.04.1
Applications: FreeRADIUS

Original message


==========================================================================
Ubuntu Security Notice USN-1585-1
September 26, 2012

freeradius vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04

Summary:

FreeRADIUS could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- freeradius: a high-performance and highly configurable RADIUS server

Details:

Timo Warns discovered that FreeRADIUS incorrectly handled certain long
timestamps in client certificates. A remote attacker could exploit this
flaw and cause the FreeRADIUS server to crash, resulting in a denial of
service, or possibly execute arbitrary code.

The default compiler options for affected releases should reduce the
vulnerability to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
freeradius 2.1.10+dfsg-3ubuntu0.12.04.1

Ubuntu 11.10:
freeradius 2.1.10+dfsg-3ubuntu0.11.10.1

Ubuntu 11.04:
freeradius 2.1.10+dfsg-2ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1585-1
CVE-2012-3547

Package Information:

https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-3ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-3ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/freeradius/2.1.10+dfsg-2ubuntu2.1

