Sicherheit: Mangelnde Prüfung von Zertifikaten in FreeRADIUS

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1333359011-2905-119

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:047
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freeradius
Date : April 2, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in freeradius:

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11,
when OCSP is enabled, does not properly parse replies from OCSP
responders, which allows remote attackers to bypass authentication
by using the EAP-TLS protocol with a revoked X.509 client certificate
(CVE-2011-2701).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2701
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
9592998224d1dd4546383ceb570d3604
2011/i586/freeradius-2.1.11-1.1-mdv2011.0.i586.rpm
c7ec70f99705f8791c08c7912455e720
2011/i586/freeradius-krb5-2.1.11-1.1-mdv2011.0.i586.rpm
ce2c6c629cc39a2f99c5b2d1abc29d9f
2011/i586/freeradius-ldap-2.1.11-1.1-mdv2011.0.i586.rpm
b5cec8d58961e87db88b3aa66c2c6df9
2011/i586/freeradius-mysql-2.1.11-1.1-mdv2011.0.i586.rpm
363cbe053c0543f9347039c8706df1c3
2011/i586/freeradius-postgresql-2.1.11-1.1-mdv2011.0.i586.rpm
c826e248100cf3d35b74020865762645
2011/i586/freeradius-sqlite-2.1.11-1.1-mdv2011.0.i586.rpm
7f07e2059fa79f504188253afdd77f78
2011/i586/freeradius-unixODBC-2.1.11-1.1-mdv2011.0.i586.rpm
7d8dbb6ef93d6cb29558f66d71083943
2011/i586/freeradius-web-2.1.11-1.1-mdv2011.0.i586.rpm
21426a8a40d24ba90242d3ce5e0b113b
2011/i586/libfreeradius1-2.1.11-1.1-mdv2011.0.i586.rpm
304f8ba5960f970b944369de8f842cdd
2011/i586/libfreeradius-devel-2.1.11-1.1-mdv2011.0.i586.rpm
2600944fccf85291c36e3da0c890d94e 2011/SRPMS/freeradius-2.1.11-1.1.src.rpm

Mandriva Linux 2011/X86_64:
49669a354bf8a8a6427c0bfe81b34c0c
2011/x86_64/freeradius-2.1.11-1.1-mdv2011.0.x86_64.rpm
6d47286995039b37481e1281728a48bf
2011/x86_64/freeradius-krb5-2.1.11-1.1-mdv2011.0.x86_64.rpm
90e7fa1c475b9ef529b699ed2398e70a
2011/x86_64/freeradius-ldap-2.1.11-1.1-mdv2011.0.x86_64.rpm
c63a69dc4d33bd93b770a0bbcaf244aa
2011/x86_64/freeradius-mysql-2.1.11-1.1-mdv2011.0.x86_64.rpm
38e7261e1efa0bcba37d639de9e8fed7
2011/x86_64/freeradius-postgresql-2.1.11-1.1-mdv2011.0.x86_64.rpm
f616bf3ee830937f0cc38796616b76c5
2011/x86_64/freeradius-sqlite-2.1.11-1.1-mdv2011.0.x86_64.rpm
9ede61aed21b46ec642b424265c247fc
2011/x86_64/freeradius-unixODBC-2.1.11-1.1-mdv2011.0.x86_64.rpm
a7fa64a62adb65f72ea3052a7b2795ac
2011/x86_64/freeradius-web-2.1.11-1.1-mdv2011.0.x86_64.rpm
6db99dc40f74f94c6d48931453ce27f6
2011/x86_64/lib64freeradius1-2.1.11-1.1-mdv2011.0.x86_64.rpm
4a7846bb6261b07a4430cb12a5b67ec7
2011/x86_64/lib64freeradius-devel-2.1.11-1.1-mdv2011.0.x86_64.rpm
2600944fccf85291c36e3da0c890d94e 2011/SRPMS/freeradius-2.1.11-1.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPeUYPmqjQ0CJFipgRAgkHAKDaoiL7/ihAA3bufPy+vys89WY0mQCdHZ9t
BolUuQnx/+8zAiGhNt87zsA=
=FZSY
-----END PGP SIGNATURE-----

------------=_1333359011-2905-119
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1333359011-2905-119--