Re: SNI-22: RADIUS Advisory

miguel a.l. paraz (map@IPHIL.NET)
Thu, 18 Dec 1997 07:37:06 +0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc Merlin: "CGI security hole in EWS (Excite for Web Servers)"
Previous message: Secure Networks Inc.: "SNI-22: RADIUS Advisory"
Maybe in reply to: Secure Networks Inc.: "SNI-22: RADIUS Advisory"
Next in thread: Thom Henderson: "Re: SNI-22: RADIUS Advisory"

> Vulnerable Systems:
> ~~~~~~~~~~~~~~~~~~~
>
> All RADIUS servers based off of Livingston's 1.16 RADIUS server.
> Livingston RADIUS servers 2.0, 2.0.1 are not vulnerable.

Cistron radiusd is not vulnerable; it checks the length of the returned
hostname.

--
miguel a.l. paraz       iphil communications, makati city, ph   +63-2-750-2288

Next message: Marc Merlin: "CGI security hole in EWS (Excite for Web Servers)"
Previous message: Secure Networks Inc.: "SNI-22: RADIUS Advisory"
Maybe in reply to: Secure Networks Inc.: "SNI-22: RADIUS Advisory"
Next in thread: Thom Henderson: "Re: SNI-22: RADIUS Advisory"