CVE-2011-2701
Published: 4 August 2011
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
Notes
Author | Note |
---|---|
mdeslaur | OCSP support was added in 2.1.11 |
Priority
Status
Package | Release | Status |
---|---|---|
freeradius Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(2.1.8+dfsg-1ubuntu1)
|
|
maverick |
Not vulnerable
(2.1.9+dfsg-1ubuntu1)
|
|
natty |
Not vulnerable
(2.1.10+dfsg-2ubuntu2)
|
|
upstream |
Needs triage
|