
Bug 434802 (CVE-2012-3547)

Summary: <net-dialup/freeradius-2.2.0: buffer overflow vulnerability (CVE-2012-3547)
Product: Gentoo Security Reporter: Stefan Sakalik <rabbit6440>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: flameeyes, net-dialup, polynomial-c
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt.
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 386183    
Attachments:
Description Flags
Patch to CVE-2012-3547 none

Description Stefan Sakalik 2012-09-12 07:41:44 UTC
A critical bug in freeradius-2.1.11-r1 (newest unmasked to date) allows execution of arbitrary code on the server.

Reproducible: Always
Comment 1 Stefan Sakalik 2012-09-12 07:45:25 UTC
Created attachment 323580
Patch to CVE-2012-3547

This patch is inspired by the git fix in git://git.freeradius.org/freeradius-server.git, commit 684dce7da5fd078. Works with freeradius-2.1.11-r1.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-09-19 01:51:57 UTC
CVE-2012-3547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3547):
  Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
  2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
  attackers to cause a denial of service (server crash) and possibly execute
  arbitrary code via a long "not after" timestamp in a client certificate.
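
The failure mode in the CVE text above (a certificate time field longer than the stack buffer it is copied into) is avoided by bounding the copy by the destination's real size and rejecting anything that is not a well-formed time. This is an added example, not FreeRADIUS code and not taken from the attached patch; `struct cert_time`, `time_is_well_formed` and `copy_not_after` are hypothetical names, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-prefixed certificate time field.
 * Both length and bytes come from the peer's certificate. */
struct cert_time {
    size_t length;
    const unsigned char *data;              /* not NUL-terminated */
};

/* Accept only the encodings RFC 5280 permits: UTCTime "YYMMDDHHMMSSZ"
 * (13 bytes) and GeneralizedTime "YYYYMMDDHHMMSSZ" (15 bytes). */
static int time_is_well_formed(const struct cert_time *t)
{
    size_t i;
    if (t == NULL || t->data == NULL) return 0;
    if (t->length != 13 && t->length != 15) return 0;
    for (i = 0; i + 1 < t->length; i++)
        if (!isdigit(t->data[i])) return 0;
    return t->data[t->length - 1] == 'Z';
}

/* Copy the field into dst as a C string; 0 on success, -1 on rejection.
 * The bound is the caller's actual buffer size, not an unrelated constant. */
int copy_not_after(char *dst, size_t dst_size, const struct cert_time *t)
{
    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (!time_is_well_formed(t)) return -1;
    if (t->length >= dst_size) return -1;   /* keep room for the NUL */
    memcpy(dst, t->data, t->length);
    dst[t->length] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    unsigned char big[300];                 /* constructed oversized field */
    struct cert_time ok = { 13, (const unsigned char *)"200101000000Z" };
    struct cert_time bad = { sizeof(big), big };
    memset(big, '9', sizeof(big));
    printf("valid:     %d \"%s\"\n", copy_not_after(buf, sizeof(buf), &ok), buf);
    printf("oversized: %d\n", copy_not_after(buf, sizeof(buf), &bad));
    return 0;
}
```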
Comment 3 Anton Bolshakov 2012-09-21 13:33:29 UTC
Just in case you want to bump freeradius-2.2.0 at the same time, you need to add the following:

< 	econf --disable-static --disable-ltdl-install --with-system-libtool \
---
> 	econf --disable-static --disable-ltdl-install --with-system-libtool --with-system-libltdl \
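
Review bot: the added --with-system-libltdl on the econf line carries no comment saying why it is needed; a one-line note in the ebuild that 2.2.0 does not compile without it would keep a later bump from dropping the flag. The flag also points the build at the system copy of libltdl, so check that the ebuild's dependencies cover the package providing it, which these two lines do not show.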

It won't compile without the "--with-system-libltdl" option.
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2012-09-30 04:13:09 UTC
Okay I'm going to look into these and most likely fix them with 2.2.0.
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2012-09-30 07:10:18 UTC
2.2.0 is in. You can probably proceed from here, can't be worse than the current stable...
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-30 21:56:32 UTC
(In reply to comment #5)
> 2.2.0 is in. You can probably proceed from here, can't be worse than the
> current stable...

Thanks, Diego.

Arches, please test and mark stable: =net-dialup/freeradius-2.2.0
Comment 7 Andreas Schürch gentoo-dev 2012-10-02 09:58:45 UTC
x86 done.
Comment 8 Agostino Sarubbo gentoo-dev 2012-10-03 10:29:53 UTC
amd64 stable
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-03 11:11:39 UTC
Thanks, everyone.

GLSA draft is ready for review.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-11-13 11:58:55 UTC
This issue was resolved and addressed in
 GLSA 201311-09 at http://security.gentoo.org/glsa/glsa-201311-09.xml
by GLSA coordinator Sergey Popov (pinkbyte).