CVE-2021-32642

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32642

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32642.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32642

Aliases

GHSA-56gw-9rj9-55rc

Related

UBUNTU-CVE-2021-32642

Published

2021-05-28T17:15:07Z

Modified

2024-10-12T07:34:26.724166Z

Severity

9.4 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS Calculator

Summary

[none]

Details

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.

References

Affected packages

Debian:11 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.2-4

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.2-4

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.2-4

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/radsecproxy/radsecproxy

Affected ranges

Type: GIT
Repo: https://github.com/radsecproxy/radsecproxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

43a6fbc14d25d17f691cc160a1bcd90b0f7377e3

Affected versions

1.*

1.7.1

1.7.1-rc1

1.7.2

1.7.2-rc1

1.8.0

1.8.0-beta

1.8.0-rc1

1.8.1

1.8.2

1.9.0-rc1

radsecproxy-1.*

radsecproxy-1.4

radsecproxy-1.4-beta1

radsecproxy-1.4-beta2

radsecproxy-1.4.1

radsecproxy-1.4.2

radsecproxy-1.4.3

radsecproxy-1.5

radsecproxy-1.6

radsecproxy-1.6-rc0

radsecproxy-1.6-rc1

radsecproxy-1.6-rc2

radsecproxy-1.6.1

radsecproxy-1.6.2