Scientific Linux Security Update : freeradius on SL7.x x86_64
Severity: High
Nessus Plugin ID: 101104
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es):
- An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. (CVE-2017-9148)
Solution
Update the affected packages.