Описание
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| freeradius | fixed | 2.2.8+dfsg-0.1 | package | |
| freeradius | no-dsa | jessie | package | |
| freeradius | no-dsa | squeeze | package |
Примечания
Recommended configuration is to use self-signed CAs for EAP-TLS methods.
See raddb/certs/README
https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3 (v2.x.x branch)
http://www.ocert.org/advisories/ocert-2015-008.html
EPSS
Связанные уязвимости
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
EPSS