Search criteria
6 vulnerabilities found for radsecproxy by uninett
CVE-2021-32642 (GCVE-0-2021-32642)
Vulnerability from nvd – Published: 2021-05-28 16:40 – Updated: 2024-08-03 23:25
VLAI?
Title
Missing input validation in dynamic discovery example scripts.
Summary
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| radsecproxy | radsecproxy |
Affected:
< 1.9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc"
},
{
"name": "FEDORA-2021-a4be4c93e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/"
},
{
"name": "FEDORA-2021-d3f8193065",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "radsecproxy",
"vendor": "radsecproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy\u0027s `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T04:06:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc"
},
{
"name": "FEDORA-2021-a4be4c93e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/"
},
{
"name": "FEDORA-2021-d3f8193065",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/"
}
],
"source": {
"advisory": "GHSA-56gw-9rj9-55rc",
"discovery": "UNKNOWN"
},
"title": "Missing input validation in dynamic discovery example scripts.",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32642",
"STATE": "PUBLIC",
"TITLE": "Missing input validation in dynamic discovery example scripts."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "radsecproxy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.0"
}
]
}
}
]
},
"vendor_name": "radsecproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy\u0027s `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
},
{
"name": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc",
"refsource": "CONFIRM",
"url": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc"
},
{
"name": "FEDORA-2021-a4be4c93e4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/"
},
{
"name": "FEDORA-2021-d3f8193065",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/"
}
]
},
"source": {
"advisory": "GHSA-56gw-9rj9-55rc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32642",
"datePublished": "2021-05-28T16:40:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4566 (GCVE-0-2012-4566)
Vulnerability from nvd – Published: 2012-11-20 00:00 – Updated: 2024-09-16 16:17
VLAI?
Summary
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.nordu.net/?p=radsecproxy.git%3Ba=commit%3Bh=3682c935facf5ccd7fa600644bbb76957155c680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-20T00:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.nordu.net/?p=radsecproxy.git%3Ba=commit%3Bh=3682c935facf5ccd7fa600644bbb76957155c680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html"
},
{
"name": "51251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "DSA-2573",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
},
{
"name": "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680",
"refsource": "CONFIRM",
"url": "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4566",
"datePublished": "2012-11-20T00:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T16:17:34.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4523 (GCVE-0-2012-4523)
Vulnerability from nvd – Published: 2012-11-20 00:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html"
},
{
"name": "56105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56105"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://project.nordu.net/browse/RADSECPROXY-43"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html"
},
{
"name": "56105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56105"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://project.nordu.net/browse/RADSECPROXY-43"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html"
},
{
"name": "56105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56105"
},
{
"name": "51251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "https://project.nordu.net/browse/RADSECPROXY-43",
"refsource": "CONFIRM",
"url": "https://project.nordu.net/browse/RADSECPROXY-43"
},
{
"name": "DSA-2573",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4523",
"datePublished": "2012-11-20T00:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32642 (GCVE-0-2021-32642)
Vulnerability from cvelistv5 – Published: 2021-05-28 16:40 – Updated: 2024-08-03 23:25
VLAI?
Title
Missing input validation in dynamic discovery example scripts.
Summary
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| radsecproxy | radsecproxy |
Affected:
< 1.9.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc"
},
{
"name": "FEDORA-2021-a4be4c93e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/"
},
{
"name": "FEDORA-2021-d3f8193065",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "radsecproxy",
"vendor": "radsecproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy\u0027s `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T04:06:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc"
},
{
"name": "FEDORA-2021-a4be4c93e4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/"
},
{
"name": "FEDORA-2021-d3f8193065",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/"
}
],
"source": {
"advisory": "GHSA-56gw-9rj9-55rc",
"discovery": "UNKNOWN"
},
"title": "Missing input validation in dynamic discovery example scripts.",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32642",
"STATE": "PUBLIC",
"TITLE": "Missing input validation in dynamic discovery example scripts."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "radsecproxy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.0"
}
]
}
}
]
},
"vendor_name": "radsecproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy\u0027s `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner"
},
{
"name": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc",
"refsource": "CONFIRM",
"url": "https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc"
},
{
"name": "FEDORA-2021-a4be4c93e4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/"
},
{
"name": "FEDORA-2021-d3f8193065",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/"
}
]
},
"source": {
"advisory": "GHSA-56gw-9rj9-55rc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32642",
"datePublished": "2021-05-28T16:40:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4523 (GCVE-0-2012-4523)
Vulnerability from cvelistv5 – Published: 2012-11-20 00:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html"
},
{
"name": "56105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56105"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://project.nordu.net/browse/RADSECPROXY-43"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html"
},
{
"name": "56105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56105"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://project.nordu.net/browse/RADSECPROXY-43"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[radsecproxy] 20120917 Radsecproxy 1.6.1 is out",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html"
},
{
"name": "56105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56105"
},
{
"name": "51251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "https://project.nordu.net/browse/RADSECPROXY-43",
"refsource": "CONFIRM",
"url": "https://project.nordu.net/browse/RADSECPROXY-43"
},
{
"name": "DSA-2573",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4523",
"datePublished": "2012-11-20T00:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4566 (GCVE-0-2012-4566)
Vulnerability from cvelistv5 – Published: 2012-11-20 00:00 – Updated: 2024-09-16 16:17
VLAI?
Summary
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.nordu.net/?p=radsecproxy.git%3Ba=commit%3Bh=3682c935facf5ccd7fa600644bbb76957155c680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-20T00:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html"
},
{
"name": "51251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "DSA-2573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.nordu.net/?p=radsecproxy.git%3Ba=commit%3Bh=3682c935facf5ccd7fa600644bbb76957155c680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[radsecproxy] 20121025 Radsecproxy 1.6.1 is out",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html"
},
{
"name": "51251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51251"
},
{
"name": "[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/6"
},
{
"name": "DSA-2573",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2573"
},
{
"name": "[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification",
"refsource": "MLIST",
"url": "https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html"
},
{
"name": "[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/17/7"
},
{
"name": "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680",
"refsource": "CONFIRM",
"url": "http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4566",
"datePublished": "2012-11-20T00:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-16T16:17:34.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}