PT-2010-2282 · Apple+1 · Macos X Server+1
Chris Linstruth
·
Published
2010-03-30
·
Updated
2010-05-21
·
CVE-2010-0524
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X Server versions prior to 10.6.3
Description
The issue concerns the default configuration of the FreeRADIUS server, which allows EAP-TLS authenticated connections based on an arbitrary client certificate. This enables remote attackers to gain network connectivity by sending a crafted RADIUS Access Request message.
Recommendations
For Apple Mac OS X Server versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freeradius-Server
Macos X Server