Skip to content

Missing input validation in dynamic discovery example scripts.

Moderate
fmauchle published GHSA-56gw-9rj9-55rc May 28, 2021

Package

No package listed

Affected versions

<1.9

Patched versions

1.9.0

Description

Description

Missing input validation in radsecproxy's naptr-eduroam.sh and
radsec-dynsrv.sh scripts can lead to configuration injection via
crafted radsec peer discovery DNS records.

Impact

Information disclosure, Denial of Service, Redirection af Radius
connection to a non-authenticated server leading to non-authenticated
network access.

Patches

Updated example scripts are available in the master branch and 1.9.0 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually.

Workarounds

The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.

Discoverer(s)/Credits

Philipp Jeitner and Haya Shulman, Fraunhofer SIT

philipp.jeitner@sit.fraunhofer.de
haya.shulman@sit.fraunhofer.de

References

Details on this will be published August 11 2021:

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2021-32642

Weaknesses

Credits