oss-sec mailing list archives
CVE request: radsecproxy incorrect x.509 certificate validation
From: Raphael Geissert <geissert () debian org>
Date: Wed, 17 Oct 2012 12:48:19 -0500
Hi,

Ralf Paffrath discovered that radsecproxy may incorrectly accept a client certificate if the certificate's chain was validated with the CA settings of one configuration block but the other certificate constraints failed, and the certificate constraints of another configuration block passed (ignoring this other config block's CA settings).

This issue has been fixed in version 1.6.1. However, it introduces a minor regression as it ignores some configuration blocks (see the references for further details).

Could a CVE id be assigned?

Thanks in advance.

References:
https://project.nordu.net/browse/RADSECPROXY-43
https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html
https://postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html

--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
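The flaw described above is a matching-logic error rather than a cryptographic one: the proxy verified the chain against one client block's CA, and when that block's certificate constraints failed it went on to test other blocks' constraints without re-checking their CA settings. The following is an added toy model (not radsecproxy's code; the block fields `trusted_ca` and `cn_regex`, the certificate fields, and the sample CA names and hostnames are all constructed for illustration) that puts the flawed matcher beside the corrected one so the difference is visible on the same input.

```python
"""Toy model of the client-block matching flaw described in the CVE request.
Constructed illustration only; it is not radsecproxy's own code and the
field names are hypothetical."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Cert:
    """Minimal stand-in for a client X.509 certificate (constructed)."""
    issuer: str        # CA that signed the certificate
    subject_cn: str    # subject CommonName


@dataclass
class ClientBlock:
    """One 'client' configuration block: a CA to chain against plus a
    certificate constraint on the CommonName (hypothetical field names)."""
    name: str
    trusted_ca: str
    cn_regex: Optional[str] = None


def chain_validates(cert: Cert, block: ClientBlock) -> bool:
    """Stand-in for chain verification against the block's CA store."""
    return cert.issuer == block.trusted_ca


def constraints_pass(cert: Cert, block: ClientBlock) -> bool:
    """Stand-in for the block's certificate constraints."""
    if block.cn_regex is None:
        return True
    return re.search(block.cn_regex, cert.subject_cn) is not None


def match_vulnerable(cert: Cert, blocks: List[ClientBlock]) -> Optional[str]:
    """Flawed logic: chain is verified with the first block whose CA works;
    if that block's constraints fail, other blocks are tried on their
    constraints alone, so their CA settings are never consulted."""
    ca_block = next((b for b in blocks if chain_validates(cert, b)), None)
    if ca_block is None:
        return None
    if constraints_pass(cert, ca_block):
        return ca_block.name
    for b in blocks:
        if b is not ca_block and constraints_pass(cert, b):
            return b.name  # accepted without checking b.trusted_ca
    return None


def match_fixed(cert: Cert, blocks: List[ClientBlock]) -> Optional[str]:
    """Corrected logic: a block matches only when BOTH its CA validates the
    chain AND its own constraints pass; a failure in one block never
    borrows the constraints of another."""
    for b in blocks:
        if chain_validates(cert, b) and constraints_pass(cert, b):
            return b.name
    return None


# Constructed configuration: two partners, each with its own CA and naming rule.
BLOCKS = [
    ClientBlock("partner-a", trusted_ca="CA-A", cn_regex=r"\.a\.example$"),
    ClientBlock("partner-b", trusted_ca="CA-B", cn_regex=r"\.b\.example$"),
]

# Constructed certificates. MISNAMED chains to CA-A but carries a partner-b
# style name: partner-a's constraints fail, partner-b's constraints pass,
# yet CA-B never signed it. LEGIT_A satisfies partner-a on both counts.
MISNAMED = Cert(issuer="CA-A", subject_cn="radius.b.example")
LEGIT_A = Cert(issuer="CA-A", subject_cn="radius.a.example")


if __name__ == "__main__":
    for label, cert in (("misnamed", MISNAMED), ("legit-a", LEGIT_A)):
        print(label, "vulnerable ->", match_vulnerable(cert, BLOCKS),
              "| fixed ->", match_fixed(cert, BLOCKS))
```

Running the model shows the misnamed certificate matched to `partner-b` by the flawed matcher and rejected by the corrected one, while the legitimate certificate matches `partner-a` under both. The defensive point is that CA trust and name constraints are a unit per block: whichever block supplies one must also supply the other.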