Description
Missing input validation in radsecproxy's naptr-eduroam.sh and
radsec-dynsrv.sh scripts can lead to configuration injection via
crafted radsec peer discovery DNS records.
Impact
Information disclosure, Denial of Service, Redirection af Radius
connection to a non-authenticated server leading to non-authenticated
network access.
Patches
Updated example scripts are available in the master branch and 1.9.0 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually.
Workarounds
The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.
Discoverer(s)/Credits
Philipp Jeitner and Haya Shulman, Fraunhofer SIT
philipp.jeitner@sit.fraunhofer.de
haya.shulman@sit.fraunhofer.de
References
Details on this will be published August 11 2021:
For more information
If you have any questions or comments about this advisory:
Description
Missing input validation in radsecproxy's
naptr-eduroam.shandradsec-dynsrv.shscripts can lead to configuration injection viacrafted radsec peer discovery DNS records.
Impact
Information disclosure, Denial of Service, Redirection af Radius
connection to a non-authenticated server leading to non-authenticated
network access.
Patches
Updated example scripts are available in the master branch and 1.9.0 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually.
Workarounds
The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.
Discoverer(s)/Credits
Philipp Jeitner and Haya Shulman, Fraunhofer SIT
philipp.jeitner@sit.fraunhofer.de
haya.shulman@sit.fraunhofer.de
References
Details on this will be published August 11 2021:
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
For more information
If you have any questions or comments about this advisory: