CVE Vulnerabilities

CVE-2021-32642

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: May 28, 2021 | Modified: Nov 07, 2023
CVSS 3.x
9.4
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxys naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Software

Name Vendor Start Version End Version
Radsecproxy Uninett * 1.9.0 (excluding)
Radsecproxy Ubuntu bionic *
Radsecproxy Ubuntu groovy *
Radsecproxy Ubuntu hirsute *
Radsecproxy Ubuntu impish *
Radsecproxy Ubuntu kinetic *
Radsecproxy Ubuntu trusty *
Radsecproxy Ubuntu upstream *
Radsecproxy Ubuntu xenial *

Potential Mitigations

References