GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Nov 13, 2013 1:26 pm Post subject: [ GLSA 201311-09 ] FreeRADIUS: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: FreeRADIUS: Multiple vulnerabilities (GLSA 201311-09)
Severity: high
Exploitable: remote
Date: November 13, 2013
Bug(s): #339389, #386183, #434802
ID: 201311-09
Synopsis
Multiple vulnerabilities have been found in FreeRADIUS, the worst
of which allow execution of arbitrary code or Denial of Service.
Background
FreeRADIUS is an open source RADIUS authentication server.
Affected Packages
Package: net-dialup/freeradius
Vulnerable: < 2.2.0
Unaffected: >= 2.2.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in FreeRADIUS. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All FreeRADIUS users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/freeradius-2.2.0"
|
References
CVE-2010-3696
CVE-2010-3697
CVE-2011-2701
CVE-2012-3547 |
|