SB2015070711 - Improper Certificate Validation in freeradius (Alpine package)
Published: July 7, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Certificate Validation (CVE-ID: CVE-2015-4680)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dfd267e265132f42df018ebced128776b2ad0bef
- https://git.alpinelinux.org/aports/commit/?id=7bcdd8e223cc015441dcf8f2177818bf5d82badc
- https://git.alpinelinux.org/aports/commit/?id=21a501bcb8e825d28786199728f6ae1efa4901a0
- https://git.alpinelinux.org/aports/commit/?id=4b9a4960acc5849ec909708baa357c2ca34c2a30
- https://git.alpinelinux.org/aports/commit/?id=1314c0d82fee33213ea17cc7805bdf3a60efac78