Re: Crashing an XTACACS authentication server

• Previous message: Arnt Gulbrandsen: "Re: visible passwd bug in kdm ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>I recently discovered that when an ISP was using XTACACS server from
>Vikas Aggarwal (vikasat_private) in a standalone mode, it was possible
>to make the XTACACS server crash by sending it different type of ICMP
>messages.

Thanks for pointing it out. The daemon was exiting if recvfrom() returned
an error- this has been fixed.

A beta version of the patched code is at ftp.navya.com.

        -vikas
        Vikas Aggarwal
        vikasat_private

• Next message: Aleph One: "CERT Advisory CA-98.01 - smurf"
• Previous message: Arnt Gulbrandsen: "Re: visible passwd bug in kdm ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:08 PDT