Re: RADIUS (Summary)

Josh Richards (jrichard@LIVINGSTON.COM)
Sun, 22 Feb 1998 15:07:37 -0800

On 22 Feb 1998, Aleph One wrote:

> This is a summary of reports about the radius vulnerability that
> Phillip R. Jaenke reported. Giving the large number of people that
> have reported that they are not vulnerable I must wonder what is
> unique in Phillip's environment that is causing this. Only one person
> reported Merit RADIUS being vulnerable and that has not been
> confirmed yet.

Phillip,

What Unix platform are you having this occur on? I am unable to reproduce
this so far with RADIUS 2.0.1 which you earlier reported as being
vulnerable. Also, on the portmaster-radius users lists, people are also
_not_ having any luck exploiting this, yet.

Also, specifically which RadiusNT v2.x revision? The NT RADIUS is
maintained as a separate code base.

>
> So far reported not vulnerable:
>
> Merit 2.4.23C,
> Livingston RADIUS 2.0.1 97/5/22
> Livingstons RADIUS 2.01
> Perl RADIUS module
> MacRADIUS
> ESVA Radius
>
> Reported vulnerable:
>
> Livingston 1.16 to 2.01 (Phillip R. Jaenke)
> RadiusNT v2.x (Phillip R. Jaenke)
> merit radius 2.4.23C (jbeley@puma.sirinet.net)

----
Josh Richards - <jrichard@livingston.com> - [Beta Engineer]
LUCENT Technologies - Remote Access Business Unit
(formerly Livingston Enterprises, Inc.)
http://www.livingston.com/