Wind River Support Network

HomeDefectsLIN8-6833
Fixed

LIN8-6833 : Security Advisory - freeradius - CVE-2017-9148

Created: Jun 14, 2017    Updated: Dec 3, 2018
Resolved Date: Jun 30, 2017
Found In Version: 8.0.0.18
Fix Version: 8.0.0.19
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

https://nvd.nist.gov/vuln/detail/CVE-2017-9148

Other Downloads


CVEs


Live chat
Online