CVE-2012-4566
First published: Tue Nov 20 2012(Updated: )
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Uninett RadSecProxy | <=1.6.1 | |
| Uninett RadSecProxy | =1.0 | |
| Uninett RadSecProxy | =1.0-alpha | |
| Uninett RadSecProxy | =1.0-alpha-p1 | |
| Uninett RadSecProxy | =1.0-p1 | |
| Uninett RadSecProxy | =1.1 | |
| Uninett RadSecProxy | =1.1-alpha | |
| Uninett RadSecProxy | =1.1-beta | |
| Uninett RadSecProxy | =1.2 | |
| Uninett RadSecProxy | =1.3-alpha | |
| Uninett RadSecProxy | =1.3-beta | |
| Uninett RadSecProxy | =1.3.1 | |
| Uninett RadSecProxy | =1.4 | |
| Uninett RadSecProxy | =1.4.1 | |
| Uninett RadSecProxy | =1.4.2 | |
| Uninett RadSecProxy | =1.4.3 | |
| Uninett RadSecProxy | =1.5 | |
| Uninett RadSecProxy | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680
- http://secunia.com/advisories/51251
- http://www.debian.org/security/2012/dsa-2573
- http://www.openwall.com/lists/oss-security/2012/10/17/7
- http://www.openwall.com/lists/oss-security/2012/10/31/6
- https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html
- https://postlister.uninett.no/sympa/arc/radsecproxy/2012-10/msg00001.html
- http://git.nordu.net/?p=radsecproxy.git%3Ba=commit%3Bh=3682c935facf5ccd7fa600644bbb76957155c680
Frequently Asked Questions
What is the severity of CVE-2012-4566?
CVE-2012-4566 is categorized as a medium severity vulnerability.
How do I fix CVE-2012-4566?
To fix CVE-2012-4566, upgrade radsecproxy to version 1.6.2 or later.
What systems are affected by CVE-2012-4566?
CVE-2012-4566 affects radsecproxy versions up to 1.6.1 and specific earlier versions.
What type of vulnerability is CVE-2012-4566?
CVE-2012-4566 is a security vulnerability related to improper certificate verification.
Can CVE-2012-4566 allow unauthorized access?
Yes, CVE-2012-4566 can potentially allow remote attackers to bypass access restrictions.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/uninett
- canonical/uninett radsecproxy
- version/uninett radsecproxy/1.6.1
- version/uninett radsecproxy/1.0
- version/uninett radsecproxy/1.0-alpha
- version/uninett radsecproxy/1.0-alpha-p1
- version/uninett radsecproxy/1.0-p1
- version/uninett radsecproxy/1.1
- version/uninett radsecproxy/1.1-alpha
- version/uninett radsecproxy/1.1-beta
- version/uninett radsecproxy/1.2
- version/uninett radsecproxy/1.3-alpha
- version/uninett radsecproxy/1.3-beta
- version/uninett radsecproxy/1.3.1
- version/uninett radsecproxy/1.4
- version/uninett radsecproxy/1.4.1
- version/uninett radsecproxy/1.4.2
- version/uninett radsecproxy/1.4.3
- version/uninett radsecproxy/1.5
- version/uninett radsecproxy/1.6