Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434802 (CVE-2012-3547) - <net-dialup/freeradius-2.2.0: buffer overflow vulnerability (CVE-2012-3547)
Summary: <net-dialup/freeradius-2.2.0: buffer overflow vulnerability (CVE-2012-3547)
Status: RESOLVED FIXED
Alias: CVE-2012-3547
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: http://www.pre-cert.de/advisories/PRE...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks: CVE-2011-2701
  Show dependency tree
 
Reported: 2012-09-12 07:41 UTC by Stefan Sakalik
Modified: 2013-11-13 11:58 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch to CVE-2012-3547 (freeradius-2.1.10-cve2012-3547.patch,591 bytes, patch)
2012-09-12 07:45 UTC, Stefan Sakalik
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Sakalik 2012-09-12 07:41:44 UTC
A critical bug in freeradius-2.1.11-r1 (newest unmasked to date) allows to execute arbitrary code on the server.

Reproducible: Always
Comment 1 Stefan Sakalik 2012-09-12 07:45:25 UTC
Created attachment 323580 [details, diff]
Patch to CVE-2012-3547

This patch is insipred by git fix in git://git.freeradius.org/freeradius-server.git , commit 684dce7da5fd078. Works with freeradius-2.1.11-r1.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-09-19 01:51:57 UTC
CVE-2012-3547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3547):
  Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
  2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
  attackers to cause a denial of service (server crash) and possibly execute
  arbitrary code via a long "not after" timestamp in a client certificate.
Comment 3 Anton Bolshakov 2012-09-21 13:33:29 UTC
Just in case if you want to bump freeradius-2.2.0 in the same time, you need to add the following:

< 	econf --disable-static --disable-ltdl-install --with-system-libtool \
---
> 	econf --disable-static --disable-ltdl-install --with-system-libtool --with-system-libltdl \

It won't compile without the "--with-system-libltdl" option.
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2012-09-30 04:13:09 UTC
Okay I'm going to look into these and most likely fix them with 2.2.0.
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2012-09-30 07:10:18 UTC
2.2.0 is in. You can probably proceed from here, can't be worse than the current stable...
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-30 21:56:32 UTC
(In reply to comment #5)
> 2.2.0 is in. You can probably proceed from here, can't be worse than the
> current stable...

Thanks, Diego.

Arches, please test and mark stable: =net-dialup/freeradius-2.2.0
Comment 7 Andreas Schürch gentoo-dev 2012-10-02 09:58:45 UTC
x86 done.
Comment 8 Agostino Sarubbo gentoo-dev 2012-10-03 10:29:53 UTC
amd64 stable
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-03 11:11:39 UTC
Thanks, everyone.

GLSA draft is ready for review.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-11-13 11:58:55 UTC
This issue was resolved and addressed in
 GLSA 201311-09 at http://security.gentoo.org/glsa/glsa-201311-09.xml
by GLSA coordinator Sergey Popov (pinkbyte).