[nsp-sec] FreeRADIUS vulnerability
Torsten Voss
voss at dfn-cert.de
Mon Sep 10 09:58:57 EDT 2012
Hi teams,
a stack overflow vulnerability has been identified in FreeRADIUS that allows
remote execution of arbitrary code via specially crafted client certificates
(before authentication). The vulnerability affects setups using TLS-based EAP
methods (including EAP-TLS, EAP-TTLS, and PEAP).
<http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt>
<http://freeradius.org/security.html>
Best wishes,
Torsten
--
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski