Security Advisory 0101

Security Advisory 0101 PDF Date: July 9, 2024 Revision | Date | Changes ---|---|--- 1.0 | July 9, 2024 | Initial release 1.1 | Dec 23, 2024 | Update Vulnerability Assessment for EAP and accounting, Update fixed EOS release The CVE-ID tracking this issue: CVE-2024-3596 CVSSv3.1 Base Score: 9.0...

CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...

The vulnerability of the general proxy server RADIUS software Radsecproxy, related to insufficient input data validation, allows a perpetrator to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the general proxy server RADIUS software Radsecproxy is related to the lack of input validation in the scripts “naptr-eduroam.sh” and “radsec-dynsrv.sh”. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cau...

Input validation

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...

UBUNTU-CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...