CVE-2015-4680

Published: 05 April 2017

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: freeradius (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Needed
Ubuntu 16.04 ESM (Xenial Xerus)  Not vulnerable (2.2.8+dfsg-0.1build2)
Ubuntu 14.04 ESM (Trusty Tahr)   Does not exist (trusty was ignored)

Patches:
Upstream: https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3

Notes

Author: tyhicks
Note: Upstream states that the recommended configuration is not affected.
Only configurations using certs from a public CA are affected and upstream
says that such configurations are not recommended.

Author: mdeslaur
Note: We will not be fixing this issue in Ubuntu 14.04 LTS. Users are
advised to follow upstream recommendations or to update to a
later Ubuntu release.
