CVE-2012-3547 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Affected Products (NVD)

Vendor	Product	Version
freeradius	freeradius	2.1.10
freeradius	freeradius	2.1.11
freeradius	freeradius	2.1.12

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

freeradius

bookworm	3.2.1+dfsg-4+deb12u1 fixed
bullseye	3.0.21+dfsg-2.2+deb11u1 fixed
sid	3.2.5+dfsg-3 fixed
trixie	3.2.5+dfsg-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

freeradius

hardy	ignored
lucid	not-affected
natty	Fixed 2.1.10+dfsg-2ubuntu2.1 released
oneiric	Fixed 2.1.10+dfsg-3ubuntu0.11.10.1 released
precise	Fixed 2.1.10+dfsg-3ubuntu0.12.04.1 released

openSUSE / SLES Releases

openSUSE Product

Release

freeradius-server

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-doc

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-krb5

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-ldap

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-libs

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-mysql

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-perl

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-postgresql

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-python

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-sqlite

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

freeradius-server-utils

suse enterprise sap 12 SP5	3.0.19-1.48 fixed
suse enterprise server 12 SP1	3.0.3-10.1 fixed
suse enterprise server 12 SP2	3.0.3-10.1 fixed
suse enterprise server 12 SP5	3.0.19-1.48 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

freeradius

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-krb5

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-ldap

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-mysql

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-perl

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-postgresql

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-python

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-unixODBC

RHEL 6

0:2.1.12-4.el6_3

fixed

freeradius-utils

RHEL 6

0:2.1.12-4.el6_3

fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html

http://freeradius.org/security.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html

http://osvdb.org/85325

http://rhn.redhat.com/errata/RHSA-2012-1326.html

http://rhn.redhat.com/errata/RHSA-2012-1327.html

http://secunia.com/advisories/50484

http://secunia.com/advisories/50584

http://secunia.com/advisories/50637

http://secunia.com/advisories/50770

http://www.debian.org/security/2012/dsa-2546

http://www.mandriva.com/security/advisories?name=MDVSA-2012:159

http://www.openwall.com/lists/oss-security/2012/09/10/2

http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt

http://www.securityfocus.com/bid/55483

http://www.securitytracker.com/id?1027509

http://www.ubuntu.com/usn/USN-1585-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/78408

http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html

http://freeradius.org/security.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html

http://osvdb.org/85325

http://rhn.redhat.com/errata/RHSA-2012-1326.html

http://rhn.redhat.com/errata/RHSA-2012-1327.html

http://secunia.com/advisories/50484

http://secunia.com/advisories/50584

http://secunia.com/advisories/50637

http://secunia.com/advisories/50770

http://www.debian.org/security/2012/dsa-2546

http://www.mandriva.com/security/advisories?name=MDVSA-2012:159

http://www.openwall.com/lists/oss-security/2012/09/10/2

http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt

http://www.securityfocus.com/bid/55483

http://www.securitytracker.com/id?1027509

http://www.ubuntu.com/usn/USN-1585-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/78408