Wind River Support Network

HomeDefectsLIN9-4381
Fixed

LIN9-4381 : Security Advisory - freeradius - CVE-2017-9148

Created: Jun 14, 2017    Updated: May 29, 2018
Resolved Date: Aug 10, 2017
Found In Version: 9.0.0.7
Fix Version: 9.0.0.8
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

https://nvd.nist.gov/vuln/detail/CVE-2017-9148

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube