Bugtraq mailing list archives

Re: RADIUS (Summary)

From: jrichard () LIVINGSTON COM (Josh Richards)
Date: Sun, 22 Feb 1998 15:07:37 -0800


On 22 Feb 1998, Aleph One wrote:

This is a summary of reports about the radius vulnerability that
Phillip R. Jaenke reported. Giving the large number of people that
have reported that they are not vulnerable I must wonder what is
unique in Phillip's environment that is causing this. Only one person
reported Merit RADIUS being vulnerable and that has not been
confirmed yet.


Phillip,

What Unix platform are you having this occur on?  I am unable to reproduce
this so far with RADIUS 2.0.1 which you earlier reported as being
vulnerable.  Also, on the portmaster-radius users lists, people are also
_not_ having any luck exploiting this, yet.

Also, specifically which RadiusNT v2.x revision?  The NT RADIUS is
maintained as a separate code base.


So far reported not vulnerable:

Merit 2.4.23C,
Livingston RADIUS  2.0.1 97/5/22
Livingstons RADIUS 2.01
Perl RADIUS module
MacRADIUS
ESVA Radius

Reported vulnerable:

Livingston 1.16 to 2.01 (Phillip R. Jaenke)
RadiusNT v2.x (Phillip R. Jaenke)
merit radius 2.4.23C (jbeley () puma sirinet net)


----
Josh Richards - <jrichard () livingston com> - [Beta Engineer]
LUCENT Technologies - Remote Access Business Unit
(formerly Livingston Enterprises, Inc.)
http://www.livingston.com/

Current thread:

Pipe attack - an example, (continued)
- Pipe attack - an example Micha? Zalewski (Feb 20)
- cfs-1.4.0beta2 root exploitable bug ther (Feb 20)
  - WinGate DoS Matt Carothers (Feb 21)
  - Quick update on Radius bug Phillip R. Jaenke (Feb 21)
  - Workaround for radius bug Phillip R. Jaenke (Feb 21)
  - Re: cfs-1.4.0beta2 root exploitable bug ther (Feb 21)
  - resource starvation against passwd(1) Antonomasia (Feb 22)
  - RADIUS (Summary) Aleph One (Feb 22)
    - Re: RADIUS (Summary) Dave Stewart (Feb 22)
    - Re: RADIUS (Summary) Phillip R. Jaenke (Feb 22)
    - Re: RADIUS (Summary) Josh Richards (Feb 22)