Vulnerability CVE-2012-4566

Vulnerability Name:

CVE-2012-4566 (CCN-80488)

Assigned:

2012-09-13

Published:

2012-09-13

Updated:

2012-11-20

Summary:

The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2012-4566

Source: CONFIRM
Type: UNKNOWN
http://git.nordu.net/?p=radsecproxy.git;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680

Source: SECUNIA
Type: Vendor Advisory
51251

Source: DEBIAN
Type: UNKNOWN
DSA-2573

Source: DEBIAN
Type: DSA-2573
radsecproxy -- SSL certificate verification weakness

Source: MLIST
Type: UNKNOWN
[oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation

Source: MLIST
Type: UNKNOWN
[oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation

Source: XF
Type: UNKNOWN
radsecproxy-dtls-security-bypass(80488)

Source: MLIST
Type: UNKNOWN
[radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification

Source: MLIST
Type: UNKNOWN
[radsecproxy] 20121025 Radsecproxy 1.6.1 is out

Source: CCN
Type: RADSECPROXY-43
Radsecproxy is mixing up pre- and post-TLS-handshake client verification

Vulnerable Configuration:

Configuration 1:

cpe:/a:uninett:radsecproxy:1.0:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.0:alpha:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.0:alpha-p1:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.0:p1:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.1:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.1:alpha:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.1:beta:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.2:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.3:alpha:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.3:beta:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.4:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.4.3:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.5:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:1.6:*:*:*:*:*:*:*

OR cpe:/a:uninett:radsecproxy:*:*:*:*:*:*:*:* (Version <= 1.6.1)

Configuration CCN 1:

cpe:/a:uninett:radsecproxy:1.5:*:*:*:*:*:*:*