On 22 Feb 1998, Aleph One wrote: > This is a summary of reports about the radius vulnerability that > Phillip R. Jaenke reported. Giving the large number of people that > have reported that they are not vulnerable I must wonder what is > unique in Phillip's environment that is causing this. Only one person > reported Merit RADIUS being vulnerable and that has not been > confirmed yet. Phillip, What Unix platform are you having this occur on? I am unable to reproduce this so far with RADIUS 2.0.1 which you earlier reported as being vulnerable. Also, on the portmaster-radius users lists, people are also _not_ having any luck exploiting this, yet. Also, specifically which RadiusNT v2.x revision? The NT RADIUS is maintained as a separate code base. > > So far reported not vulnerable: > > Merit 2.4.23C, > Livingston RADIUS 2.0.1 97/5/22 > Livingstons RADIUS 2.01 > Perl RADIUS module > MacRADIUS > ESVA Radius > > Reported vulnerable: > > Livingston 1.16 to 2.01 (Phillip R. Jaenke) > RadiusNT v2.x (Phillip R. Jaenke) > merit radius 2.4.23C (jbeleyat_private) ---- Josh Richards - <jrichardat_private> - [Beta Engineer] LUCENT Technologies - Remote Access Business Unit (formerly Livingston Enterprises, Inc.) http://www.livingston.com/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:12 PDT