CVE-2015-4680

Published: Apr 5, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.

Affected (22)

Products: Freeradius: Freeradius · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit

1 product

2 products

Linux Enterprise Server

Linux Enterprise Software Development Kit

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Freeradius Freeradius	Version 3.0.0
Freeradius Freeradius	Version 3.0.1
Freeradius Freeradius	Version 3.0.2
Freeradius Freeradius	Version 3.0.3
Freeradius Freeradius	Version 3.0.4
Freeradius Freeradius	Version 3.0.5
Freeradius Freeradius	Version 3.0.6
Freeradius Freeradius	Version 3.0.7
Freeradius Freeradius	Version 3.0.8

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Freeradius Freeradius	Version 2.2.0
Freeradius Freeradius	Version 2.2.1
Freeradius Freeradius	Version 2.2.2
Freeradius Freeradius	Version 2.2.3
Freeradius Freeradius	Version 2.2.4
Freeradius Freeradius	Version 2.2.5
Freeradius Freeradius	Version 2.2.6
Freeradius Freeradius	Version 2.2.7

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 12 sp1
Suse Linux Enterprise Server	Version 12 sp2
Suse Linux Enterprise Server	Version 12 sp2
Suse Linux Enterprise Software Development Kit	Version 12 sp1
Suse Linux Enterprise Software Development Kit	Version 12 sp2

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.ocert.org/advisories/ocert-2015-008.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.securityfocus.com/archive/1/535810/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/75327

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032690

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1234975

Source: cve@mitre.org

Issue TrackingPatch

http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.ocert.org/advisories/ocert-2015-008.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.securityfocus.com/archive/1/535810/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/75327

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032690

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1234975

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.