CVE request: radsecproxy incorrect x.509 certificate validation
From: Raphael Geissert <geissert () debian org>
Date: Wed, 17 Oct 2012 12:48:19 -0500
Ralf Paffrath discovered that radsecproxy may incorrectly accept a client
certificate if the certificate chain was validated with the CA settings of
one configuration block but the other certificate constraints failed, and the
certificate constraints of another configuration block passed (ignoring this
other config block's CA settings.)
This issue has been fixed in version 1.6.1. However, it introduces a minor
regression as it ignores some configuration blocks (see the references for
Could a CVE id be assigned?
Thanks in advance.
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
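
The matching flaw described in the message above, as an added example that is not part of the original message and is not radsecproxy's own code: a simplified C model in which the chain check and the constraint check can be satisfied by different configuration blocks, next to a check that binds both to the same block. All struct, function and sample names are hypothetical, and the string comparisons are stand-ins for real X.509 chain and constraint validation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not radsecproxy's data structures. */
struct block { const char *ca; const char *cn_match; };  /* one config block */
struct cert  { const char *issuer; const char *cn; };    /* presented client cert */

/* Constructed sample configuration and certificates. */
static const struct block BLOCKS[] = {
    { "CA-A", "a.example" },
    { "CA-B", "b.example" },
};
static const size_t NBLOCKS = sizeof BLOCKS / sizeof BLOCKS[0];
static const struct cert CROSS = { "CA-A", "radius.b.example" }; /* CA-A cert, block B name */
static const struct cert LEGIT = { "CA-B", "radius.b.example" };

/* Stand-in for chain validation against the block's CA settings. */
static bool chain_ok(const struct block *b, const struct cert *c) {
    return strcmp(b->ca, c->issuer) == 0;
}
/* Stand-in for the block's other certificate constraints. */
static bool constraints_ok(const struct block *b, const struct cert *c) {
    return strstr(c->cn, b->cn_match) != NULL;
}

/* Flawed: chain and constraints may be satisfied by different blocks. */
int match_flawed(const struct block *bl, size_t n, const struct cert *c) {
    bool chain = false;
    for (size_t i = 0; i < n; i++)
        chain = chain || chain_ok(&bl[i], c);
    for (size_t i = 0; chain && i < n; i++)
        if (constraints_ok(&bl[i], c))
            return (int)i;          /* block i's CA was never checked */
    return -1;
}

/* Bound: a block matches only if its own CA and its own constraints pass. */
int match_bound(const struct block *bl, size_t n, const struct cert *c) {
    for (size_t i = 0; i < n; i++)
        if (chain_ok(&bl[i], c) && constraints_ok(&bl[i], c))
            return (int)i;
    return -1;
}

int main(void) {
    printf("cross: flawed=%d bound=%d\n", match_flawed(BLOCKS, NBLOCKS, &CROSS),
           match_bound(BLOCKS, NBLOCKS, &CROSS));
    printf("legit: bound=%d\n", match_bound(BLOCKS, NBLOCKS, &LEGIT));
    return 0;
}
```

A return value is the index of the accepted configuration block, or -1 when the certificate is rejected.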