Bugtraq mailing list archives
Re: RADIUS (Summary)
From: jrichard () LIVINGSTON COM (Josh Richards)
Date: Sun, 22 Feb 1998 15:07:37 -0800
On 22 Feb 1998, Aleph One wrote:
This is a summary of reports about the radius vulnerability that Phillip R. Jaenke reported. Giving the large number of people that have reported that they are not vulnerable I must wonder what is unique in Phillip's environment that is causing this. Only one person reported Merit RADIUS being vulnerable and that has not been confirmed yet.
Phillip, What Unix platform are you having this occur on? I am unable to reproduce this so far with RADIUS 2.0.1 which you earlier reported as being vulnerable. Also, on the portmaster-radius users lists, people are also _not_ having any luck exploiting this, yet. Also, specifically which RadiusNT v2.x revision? The NT RADIUS is maintained as a separate code base.
So far reported not vulnerable: Merit 2.4.23C, Livingston RADIUS 2.0.1 97/5/22 Livingstons RADIUS 2.01 Perl RADIUS module MacRADIUS ESVA Radius Reported vulnerable: Livingston 1.16 to 2.01 (Phillip R. Jaenke) RadiusNT v2.x (Phillip R. Jaenke) merit radius 2.4.23C (jbeley () puma sirinet net)
---- Josh Richards - <jrichard () livingston com> - [Beta Engineer] LUCENT Technologies - Remote Access Business Unit (formerly Livingston Enterprises, Inc.) http://www.livingston.com/
Current thread:
- Pipe attack - an example, (continued)
- Pipe attack - an example Micha? Zalewski (Feb 20)
- cfs-1.4.0beta2 root exploitable bug ther (Feb 20)
- WinGate DoS Matt Carothers (Feb 21)
- Quick update on Radius bug Phillip R. Jaenke (Feb 21)
- Workaround for radius bug Phillip R. Jaenke (Feb 21)
- Re: cfs-1.4.0beta2 root exploitable bug ther (Feb 21)
- resource starvation against passwd(1) Antonomasia (Feb 22)
- RADIUS (Summary) Aleph One (Feb 22)
- Re: RADIUS (Summary) Dave Stewart (Feb 22)
- Re: RADIUS (Summary) Phillip R. Jaenke (Feb 22)
- Re: RADIUS (Summary) Josh Richards (Feb 22)