Bugtraq mailing list archives

Re: SNI-22: RADIUS Advisory

From: map () IPHIL NET (miguel a.l. paraz)
Date: Thu, 18 Dec 1997 07:37:06 +0800

Vulnerable Systems:
~~~~~~~~~~~~~~~~~~~

All RADIUS servers based off of Livingston's 1.16 RADIUS server.
Livingston RADIUS servers 2.0, 2.0.1 are not vulnerable.


Cistron radiusd is not vulnerable; it checks the length of the returned
hostname.

--
miguel a.l. paraz       iphil communications, makati city, ph   +63-2-750-2288

Current thread:

CERT Advisory CA-97.28 - Teardrop_Land Aleph One (Dec 16)
- <Possible follow-ups>
- Re: CERT Advisory CA-97.28 - Teardrop_Land Charles M. Hannum (Dec 16)
  - Re: CERT Advisory CA-97.28 - Teardrop_Land Alan Cox (Dec 16)
    - Re: CERT Advisory CA-97.28 - Teardrop_Land Ron Holt (Dec 19)
  - SGI Security Advisory 19971201-01-P1391 - statd(1M) Buffer Overrun SGI Security Coordinator (Dec 16)
  - CERT Vendor-Initiated Bulletin VB-97.16 - CrackLib Aleph One (Dec 17)
  - SNI-22: RADIUS Advisory Secure Networks Inc. (Dec 17)
    - Re: SNI-22: RADIUS Advisory miguel a.l. paraz (Dec 17)
    - CGI security hole in EWS (Excite for Web Servers) Marc Merlin (Dec 17)
    - Re: CGI security hole in EWS (Excite for Web Servers) carson () tla org (Dec 18)
    - Re: SNI-22: RADIUS Advisory Thom Henderson (Dec 18)
    - mIRC Worm Aleph One (Dec 18)
    - Re: mIRC Worm Nigel Reed (Dec 18)
    - Re: mIRC Worm Paul Wilson (Dec 18)
    - StackGuard: Automatic Protection From Stack-smashing Attacks Crispin Cowan (Dec 18)
    - Re: StackGuard: Automatic Protection From Stack-smashing Attacks Tim Newsham (Dec 19)
    - Re: StackGuard: Automatic Protection From Stack-smashing Attacks Theo de Raadt (Dec 19)
    - Xotpcalc, version 1.0 Ivan Nejgebauer (Dec 19)

(Thread continues...)