DSA-2573-1 radsecproxy -- SSL certificate verification weakness
ID: oval:org.secpod.oval:def:600914 | Date: (C)2012-11-20 (M)2022-10-10
Class: PATCH | Family: unix
Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. Under certain configurations, this vulnerability may cause clients to be wrongly accepted without their certificate chain being checked. Raphael Geissert spotted that the fix for CVE-2012-4523 was incomplete, giving rise to CVE-2012-4566. Both vulnerabilities are fixed with this update. Note that this fix may make Radsecproxy reject some clients that are currently being accepted.