DEBIAN-CVE-2012-4523

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2012-4523

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4523.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2012-4523

Upstream

CVE-2012-4523

Published

2012-11-20T00:55:01.117Z

Modified

2025-11-19T01:03:11.907703Z

Summary

[none]

Details

radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.

References

https://security-tracker.debian.org/tracker/CVE-2012-4523

Affected packages

Debian:11 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4523.json"

Debian:12 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4523.json"

Debian:13 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4523.json"

Debian:14 / radsecproxy

Package

Name: radsecproxy
Purl: pkg:deb/debian/radsecproxy?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4523.json"