CVE Reference: CVE-2012-4523

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-4523

Description:
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA51251

MLIST
  http://www.openwall.com/lists/oss-security/2012/10/31/6
  http://www.openwall.com/lists/oss-security/2012/10/17/7

DEBIAN
  http://www.debian.org/security/2012/dsa-2573

CONFIRM

BID
  56105

