radsecproxy allows unauthorized access. Missing input validation in the naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via malicious radsec peer discovery DNS records.
github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc
lists.fedoraproject.org/archives/list/[email protected]/message/HOC5AFG65NYLMMUTNSBOPC5F4LBAC7BR/
lists.fedoraproject.org/archives/list/[email protected]/message/W7QK5M2SZVMCAFSRQMM6PRZZRQQ372XI/
security-tracker.debian.org/tracker/CVE-2021-32642
www.usenix.org/conference/usenixsecurity21/presentation/jeitner
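
The missing input validation described above comes down to checking every value taken from a discovery DNS answer against an allow-list before it is written into configuration. The following is an added example, not code from radsecproxy or from the advisory. The function names, the `host name:port` output line and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: allow-list validation of SRV discovery results before they
# are turned into configuration text. All names here are hypothetical.
LC_ALL=C   # make the character ranges below mean plain ASCII

# A target is accepted only if it consists of hostname characters.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, or any character outside the allow-list
        .*|-*|*..*) return 1 ;;            # leading dot or hyphen, or an empty label
    esac
    [ "${#1}" -le 253 ]
}

# A port is accepted only if it is a decimal number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;           # empty or not purely digits
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Read "priority weight port target" answers on stdin and print one
# "host target:port" line per record that passes validation.
# The output format is an assumption; records that fail are dropped.
emit_servers() {
    while read -r _prio _weight port target _rest; do
        target=${target%.}                 # strip the trailing root dot
        if [ -z "$_rest" ] && valid_host "$target" && valid_port "$port"; then
            printf '\thost %s:%s\n' "$target" "$port"
        else
            echo "rejected discovery record" >&2
        fi
    done
}

# Constructed sample answers: one well-formed, one carrying a configuration
# metacharacter in the target. Only the first is emitted.
printf '%s\n' '0 10 2083 radsec.example.org.' \
              '0 10 2083 x{y.example.org.' | emit_servers
```

Rejecting the record outright, rather than stripping the offending characters, keeps a partly attacker-chosen name from ever reaching the generated configuration.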