Bugtraq mailing list archives
Re: RADIUS (Summary)
From: dbs () HOM NET (Dave Stewart)
Date: Sun, 22 Feb 1998 17:04:06 -0500
At 01:07 PM 2/22/98 -0600, Aleph One wrote:
This is a summary of reports about the radius vulnerability that Phillip R. Jaenke reported. Giving the large number of people that have reported that they are not vulnerable I must wonder what is unique in Phillip's environment that is causing this. Only one person reported Merit RADIUS being vulnerable and that has not been confirmed yet. So far reported not vulnerable: Merit 2.4.23C, Livingston RADIUS 2.0.1 97/5/22 Livingstons RADIUS 2.01 Perl RADIUS module MacRADIUS ESVA Radius Reported vulnerable: Livingston 1.16 to 2.01 (Phillip R. Jaenke) RadiusNT v2.x (Phillip R. Jaenke) merit radius 2.4.23C (jbeley () puma sirinet net)
To explain further - Any RADIUS that's based on Livingston RADIUS 2.0 and higher should be checking for a space in the username, and automatically rejecting the login attempt. I'm running Livingston RADIUS 2.01 under Solaris 2.4 (on a Sparc 10) and under Solaris 2.5 on a Sparc 2. ANY username containing a space causes the daemon to send a reject to the terminal server. I've tried to recreate Phillip's bug report from my Cisco 2511 terminal servers and my Portmaster 3 terminal servers - I can't do it. No matter how many spaces I include anywhere in the username, the RADIUS daemon behaves exactly as expected and returns a reject to the terminal server, while logging the reject and indicating that it found a space in the username. I'm with Aleph One on this one... there simply must be something else in the environment that's causing the daemon to crash. Dave Stewart System Manager Homenet Communications, Inc. ========================================================== PGP Public Key located at: http://www.hom.net/~dbs/dbspub.txt Or the MIT Public key server ========================================================== Mirabilis ICQ UIN - 4982852
Current thread:
- Fw: tetex-0.4pl8 world-writable database Micha? Zalewski (Feb 20)
- Re: Fw: tetex-0.4pl8 world-writable database Marcin Cieslak (Feb 20)
- Pipe attack - an example Micha? Zalewski (Feb 20)
- cfs-1.4.0beta2 root exploitable bug ther (Feb 20)
- WinGate DoS Matt Carothers (Feb 21)
- Quick update on Radius bug Phillip R. Jaenke (Feb 21)
- Workaround for radius bug Phillip R. Jaenke (Feb 21)
- Re: cfs-1.4.0beta2 root exploitable bug ther (Feb 21)
- resource starvation against passwd(1) Antonomasia (Feb 22)
- RADIUS (Summary) Aleph One (Feb 22)
- Re: RADIUS (Summary) Dave Stewart (Feb 22)
- Re: RADIUS (Summary) Phillip R. Jaenke (Feb 22)
- Re: RADIUS (Summary) Josh Richards (Feb 22)