At 01:07 PM 2/22/98 -0600, Aleph One wrote:

>This is a summary of reports about the radius vulnerability that
>Phillip R. Jaenke reported. Given the large number of people that
>have reported that they are not vulnerable I must wonder what is
>unique in Phillip's environment that is causing this. Only one person
>reported Merit RADIUS being vulnerable and that has not been
>confirmed yet.
>
>So far reported not vulnerable:
>
>Merit 2.4.23C,
>Livingston RADIUS 2.0.1 97/5/22
>Livingston RADIUS 2.01
>Perl RADIUS module
>MacRADIUS
>ESVA Radius
>
>Reported vulnerable:
>
>Livingston 1.16 to 2.01 (Phillip R. Jaenke)
>RadiusNT v2.x (Phillip R. Jaenke)
>merit radius 2.4.23C (jbeleyat_private)

To explain further - Any RADIUS that's based on Livingston RADIUS 2.0 and higher should be checking for a space in the username, and automatically rejecting the login attempt.

I'm running Livingston RADIUS 2.01 under Solaris 2.4 (on a Sparc 10) and under Solaris 2.5 on a Sparc 2. ANY username containing a space causes the daemon to send a reject to the terminal server.

I've tried to recreate Phillip's bug report from my Cisco 2511 terminal servers and my Portmaster 3 terminal servers - I can't do it. No matter how many spaces I include anywhere in the username, the RADIUS daemon behaves exactly as expected and returns a reject to the terminal server, while logging the reject and indicating that it found a space in the username.

I'm with Aleph One on this one... there simply must be something else in the environment that's causing the daemon to crash.

Dave Stewart
System Manager
Homenet Communications, Inc.
==========================================================
PGP Public Key located at: http://www.hom.net/~dbs/dbspub.txt
Or the MIT Public key server
==========================================================
Mirabilis ICQ UIN - 4982852
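An added example, not part of this thread and not the code of any RADIUS daemon named in it, showing the check Dave describes: parse the User-Name attribute out of an Access-Request and reject the request before authentication when the name contains a space, while treating a malformed packet as a reject rather than something that can crash the daemon. It assumes the RFC 2138 packet layout (20-byte header, type/length/value attributes, User-Name = type 1), constructs its own sample packets, and goes slightly beyond the thread's space-only rule by also rejecting control characters.

```python
import struct

RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
HEADER_LEN = 20  # code(1) identifier(1) length(2) authenticator(16)


def parse_attributes(packet: bytes):
    """Parse the header and attribute list; raise ValueError on malformed input."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field inconsistent with packet size")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:  # alen < 2 would also loop forever
            raise ValueError("attribute length out of range")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs


def check_user_name(packet: bytes):
    """Return (accepted, reason): the pre-authentication username check."""
    try:
        code, _ident, attrs = parse_attributes(packet)
    except ValueError as exc:
        return False, f"malformed packet: {exc}"
    if code != RADIUS_ACCESS_REQUEST:
        return False, "not an Access-Request"
    names = [value for atype, value in attrs if atype == ATTR_USER_NAME]
    if len(names) != 1:
        return False, "expected exactly one User-Name attribute"
    name = names[0]
    if b" " in name:
        return False, "space in username"  # the Livingston 2.x rule from the thread
    if any(b < 0x20 or b == 0x7F for b in name):
        return False, "control character in username"  # broader than the thread's rule
    return True, "username ok"


def build_access_request(user_name: bytes, ident: int = 0) -> bytes:
    """Constructed sample Access-Request carrying a single User-Name attribute."""
    attr = bytes([ATTR_USER_NAME, 2 + len(user_name)]) + user_name
    authenticator = b"\x00" * 16  # placeholder; a real request carries a random value
    header = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, ident, HEADER_LEN + len(attr))
    return header + authenticator + attr


if __name__ == "__main__":
    for name in (b"dstewart", b"dave stewart", b" dstewart", b"dst\x00"):
        print(name, "->", check_user_name(build_access_request(name)))
```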
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:01 PDT