Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: vulnerability in FreeRADIUS (OCSP)
From: dfncert () dfn-cert de
Date: Mon, 18 Jul 2011 10:47:50 +0200

On Fri, Jul 15, 2011 at 11:18:49AM -0600, Vincent Danen wrote:

A patch was proposed to the packet maintainer.

This is pretty light on the details.  Any references to supply or an
actual description of the problem?
The implemented procedure does not verify the status of
the certificate. For instance, if the certificate has been revoked.

Link to upstream fixes, emails, bugs, whatever?

We are not aware of any upstream fix.

DFN-CERT Services GmbH, https://www.dfn-cert.de/, Phone +49 40 808077-555
Sitz/Register: Hamburg,  AG Hamburg,  HRB 88805,  Ust-IdNr.: DE 232129737
Sachsenstra├če 5, 20097 Hamburg/Germany,  CEO: Dr. Klaus-Peter Kossakowski

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]