Re: Serious bug in "radius" dialup authentication software

Phillip R. Jaenke (prj@NS2.NLS.NET)
Sat, 21 Feb 1998 13:12:37 +0100

>You're not telling us which radius server. Livingston 1.16 or 2.01?
>Merit? Cistron? etc (As a matter of fact I am sure Cistron is safe).

Since this is the 22nd email I've received on this, I decided to CC: to
bugtraq so everyone will PLEASE stop asking me this.

So far, tested servers are:
Livingston 1.16 to 2.01
RadiusNT v2.x
Merit

So far, the only one NOT vulnerable is Merit. Cistron is untested, so I've
got no idea whether or not it is. Best way to test is to telnet to a
terminal server, and log in with a valid username, with 40 or more spaces
after it.

As to Cistron being safe; safe is really relative here. If somebody nasty
has your dialup numbers, then you might have to restart radius a lot.
Otherwise, there's really no security risk that I've found.

-prj

-Ed Kuchar (InterNIC Handle: EK113) [ekuchar@NLS.NET]
NetLink Services, Inc. 216.468.5100(Cleveland) - 330.940.2700(Akron)
sales@nls.net - http://www.nls.net - http://www.getinfo.net
Serving: Cleveland, Akron, Medina, & Geauga County