[5854] in bugtraq
Re: Crashing an XTACACS authentication server
daemon@ATHENA.MIT.EDU (Alan Brown)
Wed Dec 24 17:55:33 1997
Date: Wed, 24 Dec 1997 15:39:39 +1300
Reply-To: Alan Brown <alan@MANAWATU.GEN.NZ>
From: Alan Brown <alan@MANAWATU.GEN.NZ>
X-To: Coaxial Karma <c_karma@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19971223192110.12947.qmail@hotmail.com>
At 11:21 23/12/97 -0800, Coaxial Karma wrote:
>I recently discovered that when an ISP was using XTACACS server from
>Vikas Aggarwal (vikas@navya.com) in a standalone mode, it was possible
>to make the XTACACS server crash by sending it different types of ICMP
>messages.
Nasty, but...
This reinforces the recommendation in Vikas' documentation that xtacacsd be
run out of inetd in persistent mode and not in standalone mode. Having
login/logout control die will at best generate a flurry of support calls
plus mess up time-based accounting or, at worst, cost an ISP customers.
Thankfully, Tacacs-based clients usually default to "no response = no
access", so it only really becomes a security issue if a bogus tacacs
server can be installed on the network _and_ the tacacs servers are
configured to look at it. (Discounting forged udp tacacs responses).
AB
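
The "no response = no access" default described in the reply above, together with its caveat about forged UDP responses, as an added Python example that is not part of the original post or of xtacacsd. The 4-byte nonce plus one reply byte is a constructed message layout, not the XTACACS wire format, and `authenticate`, `toy_server` and `dead_server` are hypothetical names.

```python
import os, socket, threading, time

ACCEPT, REJECT = 1, 2  # constructed reply codes, not XTACACS wire values

def authenticate(server, username, timeout=0.3, retries=2):
    """Fail closed: True only for a validated ACCEPT from `server`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for _ in range(retries):
            nonce = os.urandom(4)          # fresh per attempt, echoed by server
            deadline = time.monotonic() + timeout
            try:
                s.sendto(nonce + username.encode(), server)
                while (left := deadline - time.monotonic()) > 0:
                    s.settimeout(left)
                    data, peer = s.recvfrom(512)
                    # Drop datagrams from another source or with a stale nonce
                    if peer == server and len(data) == 5 and data[:4] == nonce:
                        return data[4] == ACCEPT
            except OSError:
                pass                       # timeout or ICMP error: retry, then deny
    return False

def toy_server(code, echo_nonce=True):
    """Constructed loopback responder answering one request; returns its address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(2)
    addr = srv.getsockname()
    def serve():
        try:
            data, peer = srv.recvfrom(512)
            nonce = data[:4] if echo_nonce else b"\0\0\0\0"
            srv.sendto(nonce + bytes([code]), peer)
        except OSError:
            pass
        finally:
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return addr

def dead_server():
    """Address of a port with nothing listening (the crashed-daemon case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()
```

The source and nonce checks only filter blind forgeries; a sender who can observe the request on the wire can still answer it, which is the case the reply sets aside.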