At work, we've discovered a *SERIOUS* bug in the "radius" dialup authentication software. Affected Platforms: WindowsNT (RadiusNT) Linux Solaris (x86) BSDi NetBSD OpenBSD FreeBSD Problem: If a user appends a certain amount of spaces after their username, Radius will crash, keeping users from logging in. We have been unable to determine the number of spaces, but it is above 5, and below the 'magic 128' as we call it. I'd estimate it at around 32 spaces. Effects: 100% of the time, Radius will crash. All platforms are affected. Multiple servers do not negate these effects, as most terminal servers, when the primary radius authentication server is not there, will switch over to the next one, which will get the same username, and crash, locking all customers out. This appears to affect ALL platforms, be it WindowsNT or a form of unix. It appears to be a bug in radius itself. A coworker has contacted the radius mailing lists. As soon as a fix is known, I will post it here. --Phillip R. Jaenke (prjat_private | prjat_private) Primary Developer, The Improvement Linux Project Core Team Member, The Cyberian RC5 Effort - http://www.cyberian.org/ AKA Kaeyerai (Rediscovery) of MasterTechnoMonster Ketyra Designs, Inc. - Imagine Transmeta sans Linus. That's us. :)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:55 PDT