Apple Mac OS X FreeRADIUS Component EAP-TLS Authentication Bypass Vulnerability
BID:39234
Info
| Bugtraq ID: | 39234 |
| Class: | Access Validation Error |
| CVE: | CVE-2010-0524 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Apr 08 2010 12:12AM |
| Credit: | Chris Linstruth of Qnet |
| Vulnerable: | Apple Mac OS X Server 10.6.2, Apple Mac OS X Server 10.6.1, Apple Mac OS X Server 10.5.8, Apple Mac OS X Server 10.5.7, Apple Mac OS X Server 10.5.6, Apple Mac OS X Server 10.5.5, Apple Mac OS X Server 10.5.4, Apple Mac OS X Server 10.5.3, Apple Mac OS X Server 10.5.2, Apple Mac OS X Server 10.5.1, Apple Mac OS X Server 10.6, Apple Mac OS X Server 10.5 |
| Not Vulnerable: | Apple Mac OS X Server 10.6.3 |
Discussion
Apple Mac OS X is prone to an authentication-bypass vulnerability that exists in the FreeRADIUS component.
An attacker can exploit this issue to gain unauthorized network access. Successfully exploiting this issue may lead to further attacks.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Apple Mac OS X Server 10.6
- Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.1
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.2
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.3
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.4
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.5
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.6
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.7
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.8
- Apple SecUpdSrvr2010-002Leo.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.1
- Apple MacOSXServerUpdCombo10.6.3.dmg
  http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.2
- Apple MacOSXServerUpd10.6.3.dmg
  http://www.apple.com/support/downloads/
References
References:
- Mac OS X Homepage (Apple)